pq_crypto 0.6.1 → 0.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/SECURITY.md +7 -0
- data/ext/pqcrypto/pqcrypto_version.h +1 -1
- data/ext/pqcrypto/vendor/.vendored +4 -4
- data/ext/pqcrypto/vendor/mldsa-native/README.md +23 -10
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/README.md +23 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/mldsa_native.c +114 -58
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/mldsa_native.h +498 -461
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/mldsa_native_asm.S +145 -85
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/mldsa_native_config.h +456 -422
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/cbmc.h +47 -25
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/common.h +26 -14
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/ct.h +56 -81
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/debug.h +17 -24
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/fips202.c +33 -40
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/fips202.h +67 -87
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/fips202x4.c +19 -14
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/fips202x4.h +13 -5
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/keccakf1600.c +84 -10
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/keccakf1600.h +10 -5
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/auto.h +6 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/fips202_native_aarch64.h +22 -15
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x1_scalar_aarch64_asm.S +376 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x1_v84a_aarch64_asm.S +204 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x2_v84a_aarch64_asm.S +259 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x4_v8a_scalar_hybrid_aarch64_asm.S +1077 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x4_v8a_v84a_scalar_hybrid_aarch64_asm.S +987 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccakf1600_round_constants.c +16 -10
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/x1_scalar.h +2 -1
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/x1_v84a.h +1 -1
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/x2_v84a.h +4 -2
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/x4_v8a_scalar.h +2 -2
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/x4_v8a_v84a_scalar.h +1 -1
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/api.h +60 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/armv81m/mve.h +48 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/armv81m/src/fips202_native_armv81m.h +18 -1
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/armv81m/src/keccak_f1600_x4_mve.S +658 -582
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/armv81m/src/keccak_f1600_x4_mve.c +5 -100
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/armv81m/src/keccakf1600_round_constants.c +26 -25
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/armv81m/src/state_extract_bytes_x4_mve.S +334 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/armv81m/src/state_xor_bytes_x4_mve.S +355 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/auto.h +8 -3
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/x86_64/{xkcp.h → keccak_f1600_x4_avx2.h} +11 -8
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/x86_64/src/fips202_native_x86_64.h +44 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/x86_64/src/keccak_f1600_x4_avx2_asm.S +454 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/x86_64/src/keccakf1600_constants.c +52 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/meta.h +37 -28
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/aarch64_zetas.c +213 -196
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/arith_native_aarch64.h +248 -64
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/intt_aarch64_asm.S +753 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/mld_polyvecl_pointwise_acc_montgomery_l4_aarch64_asm.S +129 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/mld_polyvecl_pointwise_acc_montgomery_l5_aarch64_asm.S +145 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/mld_polyvecl_pointwise_acc_montgomery_l7_aarch64_asm.S +177 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/ntt_aarch64_asm.S +653 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/pointwise_montgomery_aarch64_asm.S +84 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_caddq_aarch64_asm.S +53 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_chknorm_aarch64_asm.S +55 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_decompose_32_aarch64_asm.S +86 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_decompose_88_aarch64_asm.S +86 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_use_hint_32_aarch64_asm.S +103 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_use_hint_88_aarch64_asm.S +111 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/polyz_unpack_17_aarch64_asm.S +75 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/polyz_unpack_19_aarch64_asm.S +72 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/polyz_unpack_table.c +23 -11
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/rej_uniform_aarch64_asm.S +189 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/rej_uniform_eta2_aarch64_asm.S +137 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/rej_uniform_eta4_aarch64_asm.S +130 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/rej_uniform_eta_table.c +520 -516
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/rej_uniform_table.c +34 -33
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/api.h +202 -242
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/meta.h +25 -17
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/arith_native_x86_64.h +112 -28
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/consts.c +1 -1
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/consts.h +1 -1
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/intt_avx2_asm.S +2311 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/ntt_avx2_asm.S +2383 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/nttunpack_avx2_asm.S +238 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/pointwise_acc_l4_avx2_asm.S +139 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/pointwise_acc_l5_avx2_asm.S +155 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/pointwise_acc_l7_avx2_asm.S +187 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/pointwise_avx2_asm.S +130 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/poly_caddq_avx2_asm.S +190 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/poly_decompose_32_avx2.c +6 -4
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/poly_decompose_88_avx2.c +6 -4
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/poly_use_hint_32_avx2.c +9 -8
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/poly_use_hint_88_avx2.c +10 -9
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/polyz_unpack_17_avx2.c +8 -5
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/polyz_unpack_19_avx2.c +8 -5
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/rej_uniform_eta2_avx2.c +6 -4
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/rej_uniform_eta4_avx2.c +6 -4
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/rej_uniform_table.c +130 -129
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/packing.c +109 -180
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/packing.h +169 -150
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/poly.c +56 -40
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/poly.h +149 -164
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/poly_kl.c +52 -57
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/poly_kl.h +132 -167
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/polyvec.c +57 -424
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/polyvec.h +167 -474
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/polyvec_lazy.c +308 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/polyvec_lazy.h +653 -0
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/reduce.h +22 -29
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/rounding.h +37 -43
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/sign.c +511 -367
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/sign.h +456 -417
- data/lib/pq_crypto/version.rb +1 -1
- data/script/vendor_libs.rb +3 -3
- metadata +41 -35
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x1_scalar_asm.S +0 -376
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x1_v84a_asm.S +0 -204
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x2_v84a_asm.S +0 -259
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x4_v8a_scalar_hybrid_asm.S +0 -1077
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccak_f1600_x4_v8a_v84a_scalar_hybrid_asm.S +0 -987
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/x86_64/src/KeccakP_1600_times4_SIMD256.c +0 -488
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/x86_64/src/KeccakP_1600_times4_SIMD256.h +0 -16
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/intt.S +0 -753
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/mld_polyvecl_pointwise_acc_montgomery_l4.S +0 -129
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/mld_polyvecl_pointwise_acc_montgomery_l5.S +0 -145
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/mld_polyvecl_pointwise_acc_montgomery_l7.S +0 -177
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/ntt.S +0 -653
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/pointwise_montgomery.S +0 -79
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_caddq_asm.S +0 -53
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_chknorm_asm.S +0 -55
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_decompose_32_asm.S +0 -85
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_decompose_88_asm.S +0 -85
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_use_hint_32_asm.S +0 -102
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/poly_use_hint_88_asm.S +0 -110
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/polyz_unpack_17_asm.S +0 -72
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/polyz_unpack_19_asm.S +0 -69
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/rej_uniform_asm.S +0 -189
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/rej_uniform_eta2_asm.S +0 -135
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/rej_uniform_eta4_asm.S +0 -128
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/intt.S +0 -2311
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/ntt.S +0 -2383
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/nttunpack.S +0 -239
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/pointwise.S +0 -131
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/pointwise_acc_l4.S +0 -139
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/pointwise_acc_l5.S +0 -155
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/pointwise_acc_l7.S +0 -187
- data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/x86_64/src/poly_caddq_avx2.c +0 -61
|
@@ -1,488 +0,0 @@
|
|
|
1
|
-
/*
|
|
2
|
-
* Copyright (c) The mlkem-native project authors
|
|
3
|
-
* Copyright (c) The mldsa-native project authors
|
|
4
|
-
* SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
|
|
5
|
-
*/
|
|
6
|
-
|
|
7
|
-
/*
|
|
8
|
-
Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
|
|
9
|
-
Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby
|
|
10
|
-
denoted as "the implementer".
|
|
11
|
-
|
|
12
|
-
For more information, feedback or questions, please refer to our websites:
|
|
13
|
-
http://keccak.noekeon.org/
|
|
14
|
-
http://keyak.noekeon.org/
|
|
15
|
-
http://ketje.noekeon.org/
|
|
16
|
-
|
|
17
|
-
To the extent possible under law, the implementer has waived all copyright
|
|
18
|
-
and related or neighboring rights to the source code in this file.
|
|
19
|
-
http://creativecommons.org/publicdomain/zero/1.0/
|
|
20
|
-
*/
|
|
21
|
-
|
|
22
|
-
/*
|
|
23
|
-
* Changes for mlkem-native/mldsa-native:
|
|
24
|
-
* - MLD_COPY_FROM_STATE and MLD_COPY_TO_STATE operate on uninterleaved
|
|
25
|
-
* Keccak states in memory.
|
|
26
|
-
*/
|
|
27
|
-
|
|
28
|
-
#include "../../../../common.h"
|
|
29
|
-
#if defined(MLD_FIPS202_X86_64_XKCP) && \
|
|
30
|
-
!defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)
|
|
31
|
-
|
|
32
|
-
#include <immintrin.h>
|
|
33
|
-
|
|
34
|
-
#include "KeccakP_1600_times4_SIMD256.h"
|
|
35
|
-
|
|
36
|
-
#ifndef MLD_SYS_LITTLE_ENDIAN
|
|
37
|
-
#error Expecting a little-endian platform
|
|
38
|
-
#endif
|
|
39
|
-
|
|
40
|
-
#define MLD_ANDNU256(a, b) _mm256_andnot_si256(a, b)
|
|
41
|
-
#define MLD_CONST256(a) _mm256_load_si256((const __m256i *)&(a))
|
|
42
|
-
#define MLD_CONST256_64(a) (__m256i) _mm256_broadcast_sd((const double *)(&a))
|
|
43
|
-
#define MLD_ROL64IN256(d, a, o) \
|
|
44
|
-
d = _mm256_or_si256(_mm256_slli_epi64(a, o), _mm256_srli_epi64(a, 64 - (o)))
|
|
45
|
-
#define MLD_ROL64IN256_8(d, a) \
|
|
46
|
-
d = _mm256_shuffle_epi8(a, MLD_CONST256(mld_rho8))
|
|
47
|
-
#define MLD_ROL64IN256_56(d, a) \
|
|
48
|
-
d = _mm256_shuffle_epi8(a, MLD_CONST256(mld_rho56))
|
|
49
|
-
static const uint64_t mld_rho8[4] = {0x0605040302010007, 0x0E0D0C0B0A09080F,
|
|
50
|
-
0x1615141312111017, 0x1E1D1C1B1A19181F};
|
|
51
|
-
static const uint64_t mld_rho56[4] = {0x0007060504030201, 0x080F0E0D0C0B0A09,
|
|
52
|
-
0x1017161514131211, 0x181F1E1D1C1B1A19};
|
|
53
|
-
#define MLD_STORE256(a, b) _mm256_store_si256((__m256i *)&(a), b)
|
|
54
|
-
#define MLD_XOR256(a, b) _mm256_xor_si256(a, b)
|
|
55
|
-
#define MLD_XOREQ256(a, b) a = _mm256_xor_si256(a, b)
|
|
56
|
-
|
|
57
|
-
#define MLD_SNP_LANELENGTHINBYTES 8
|
|
58
|
-
|
|
59
|
-
#define MLD_DECLARE_ABCDE \
|
|
60
|
-
__m256i Aba, Abe, Abi, Abo, Abu; \
|
|
61
|
-
__m256i Aga, Age, Agi, Ago, Agu; \
|
|
62
|
-
__m256i Aka, Ake, Aki, Ako, Aku; \
|
|
63
|
-
__m256i Ama, Ame, Ami, Amo, Amu; \
|
|
64
|
-
__m256i Asa, Ase, Asi, Aso, Asu; \
|
|
65
|
-
__m256i Bba, Bbe, Bbi, Bbo, Bbu; \
|
|
66
|
-
__m256i Bga, Bge, Bgi, Bgo, Bgu; \
|
|
67
|
-
__m256i Bka, Bke, Bki, Bko, Bku; \
|
|
68
|
-
__m256i Bma, Bme, Bmi, Bmo, Bmu; \
|
|
69
|
-
__m256i Bsa, Bse, Bsi, Bso, Bsu; \
|
|
70
|
-
__m256i Ca, Ce, Ci, Co, Cu; \
|
|
71
|
-
__m256i Ca1, Ce1, Ci1, Co1, Cu1; \
|
|
72
|
-
__m256i Da, De, Di, Do, Du; \
|
|
73
|
-
__m256i Eba, Ebe, Ebi, Ebo, Ebu; \
|
|
74
|
-
__m256i Ega, Ege, Egi, Ego, Egu; \
|
|
75
|
-
__m256i Eka, Eke, Eki, Eko, Eku; \
|
|
76
|
-
__m256i Ema, Eme, Emi, Emo, Emu; \
|
|
77
|
-
__m256i Esa, Ese, Esi, Eso, Esu;
|
|
78
|
-
|
|
79
|
-
#define MLD_prepareTheta \
|
|
80
|
-
Ca = \
|
|
81
|
-
MLD_XOR256(Aba, MLD_XOR256(Aga, MLD_XOR256(Aka, MLD_XOR256(Ama, Asa)))); \
|
|
82
|
-
Ce = \
|
|
83
|
-
MLD_XOR256(Abe, MLD_XOR256(Age, MLD_XOR256(Ake, MLD_XOR256(Ame, Ase)))); \
|
|
84
|
-
Ci = \
|
|
85
|
-
MLD_XOR256(Abi, MLD_XOR256(Agi, MLD_XOR256(Aki, MLD_XOR256(Ami, Asi)))); \
|
|
86
|
-
Co = \
|
|
87
|
-
MLD_XOR256(Abo, MLD_XOR256(Ago, MLD_XOR256(Ako, MLD_XOR256(Amo, Aso)))); \
|
|
88
|
-
Cu = MLD_XOR256(Abu, MLD_XOR256(Agu, MLD_XOR256(Aku, MLD_XOR256(Amu, Asu))));
|
|
89
|
-
|
|
90
|
-
/*
|
|
91
|
-
* --- Theta Rho Pi Chi Iota Prepare-theta
|
|
92
|
-
* --- 64-bit lanes mapped to 64-bit words
|
|
93
|
-
*/
|
|
94
|
-
#define MLD_thetaRhoPiChiIotaPrepareTheta(i, A, E) \
|
|
95
|
-
MLD_ROL64IN256(Ce1, Ce, 1); \
|
|
96
|
-
Da = MLD_XOR256(Cu, Ce1); \
|
|
97
|
-
MLD_ROL64IN256(Ci1, Ci, 1); \
|
|
98
|
-
De = MLD_XOR256(Ca, Ci1); \
|
|
99
|
-
MLD_ROL64IN256(Co1, Co, 1); \
|
|
100
|
-
Di = MLD_XOR256(Ce, Co1); \
|
|
101
|
-
MLD_ROL64IN256(Cu1, Cu, 1); \
|
|
102
|
-
Do = MLD_XOR256(Ci, Cu1); \
|
|
103
|
-
MLD_ROL64IN256(Ca1, Ca, 1); \
|
|
104
|
-
Du = MLD_XOR256(Co, Ca1); \
|
|
105
|
-
\
|
|
106
|
-
MLD_XOREQ256(A##ba, Da); \
|
|
107
|
-
Bba = A##ba; \
|
|
108
|
-
MLD_XOREQ256(A##ge, De); \
|
|
109
|
-
MLD_ROL64IN256(Bbe, A##ge, 44); \
|
|
110
|
-
MLD_XOREQ256(A##ki, Di); \
|
|
111
|
-
MLD_ROL64IN256(Bbi, A##ki, 43); \
|
|
112
|
-
E##ba = MLD_XOR256(Bba, MLD_ANDNU256(Bbe, Bbi)); \
|
|
113
|
-
MLD_XOREQ256(E##ba, MLD_CONST256_64(mld_keccakf1600RoundConstants[i])); \
|
|
114
|
-
Ca = E##ba; \
|
|
115
|
-
MLD_XOREQ256(A##mo, Do); \
|
|
116
|
-
MLD_ROL64IN256(Bbo, A##mo, 21); \
|
|
117
|
-
E##be = MLD_XOR256(Bbe, MLD_ANDNU256(Bbi, Bbo)); \
|
|
118
|
-
Ce = E##be; \
|
|
119
|
-
MLD_XOREQ256(A##su, Du); \
|
|
120
|
-
MLD_ROL64IN256(Bbu, A##su, 14); \
|
|
121
|
-
E##bi = MLD_XOR256(Bbi, MLD_ANDNU256(Bbo, Bbu)); \
|
|
122
|
-
Ci = E##bi; \
|
|
123
|
-
E##bo = MLD_XOR256(Bbo, MLD_ANDNU256(Bbu, Bba)); \
|
|
124
|
-
Co = E##bo; \
|
|
125
|
-
E##bu = MLD_XOR256(Bbu, MLD_ANDNU256(Bba, Bbe)); \
|
|
126
|
-
Cu = E##bu; \
|
|
127
|
-
\
|
|
128
|
-
MLD_XOREQ256(A##bo, Do); \
|
|
129
|
-
MLD_ROL64IN256(Bga, A##bo, 28); \
|
|
130
|
-
MLD_XOREQ256(A##gu, Du); \
|
|
131
|
-
MLD_ROL64IN256(Bge, A##gu, 20); \
|
|
132
|
-
MLD_XOREQ256(A##ka, Da); \
|
|
133
|
-
MLD_ROL64IN256(Bgi, A##ka, 3); \
|
|
134
|
-
E##ga = MLD_XOR256(Bga, MLD_ANDNU256(Bge, Bgi)); \
|
|
135
|
-
MLD_XOREQ256(Ca, E##ga); \
|
|
136
|
-
MLD_XOREQ256(A##me, De); \
|
|
137
|
-
MLD_ROL64IN256(Bgo, A##me, 45); \
|
|
138
|
-
E##ge = MLD_XOR256(Bge, MLD_ANDNU256(Bgi, Bgo)); \
|
|
139
|
-
MLD_XOREQ256(Ce, E##ge); \
|
|
140
|
-
MLD_XOREQ256(A##si, Di); \
|
|
141
|
-
MLD_ROL64IN256(Bgu, A##si, 61); \
|
|
142
|
-
E##gi = MLD_XOR256(Bgi, MLD_ANDNU256(Bgo, Bgu)); \
|
|
143
|
-
MLD_XOREQ256(Ci, E##gi); \
|
|
144
|
-
E##go = MLD_XOR256(Bgo, MLD_ANDNU256(Bgu, Bga)); \
|
|
145
|
-
MLD_XOREQ256(Co, E##go); \
|
|
146
|
-
E##gu = MLD_XOR256(Bgu, MLD_ANDNU256(Bga, Bge)); \
|
|
147
|
-
MLD_XOREQ256(Cu, E##gu); \
|
|
148
|
-
\
|
|
149
|
-
MLD_XOREQ256(A##be, De); \
|
|
150
|
-
MLD_ROL64IN256(Bka, A##be, 1); \
|
|
151
|
-
MLD_XOREQ256(A##gi, Di); \
|
|
152
|
-
MLD_ROL64IN256(Bke, A##gi, 6); \
|
|
153
|
-
MLD_XOREQ256(A##ko, Do); \
|
|
154
|
-
MLD_ROL64IN256(Bki, A##ko, 25); \
|
|
155
|
-
E##ka = MLD_XOR256(Bka, MLD_ANDNU256(Bke, Bki)); \
|
|
156
|
-
MLD_XOREQ256(Ca, E##ka); \
|
|
157
|
-
MLD_XOREQ256(A##mu, Du); \
|
|
158
|
-
MLD_ROL64IN256_8(Bko, A##mu); \
|
|
159
|
-
E##ke = MLD_XOR256(Bke, MLD_ANDNU256(Bki, Bko)); \
|
|
160
|
-
MLD_XOREQ256(Ce, E##ke); \
|
|
161
|
-
MLD_XOREQ256(A##sa, Da); \
|
|
162
|
-
MLD_ROL64IN256(Bku, A##sa, 18); \
|
|
163
|
-
E##ki = MLD_XOR256(Bki, MLD_ANDNU256(Bko, Bku)); \
|
|
164
|
-
MLD_XOREQ256(Ci, E##ki); \
|
|
165
|
-
E##ko = MLD_XOR256(Bko, MLD_ANDNU256(Bku, Bka)); \
|
|
166
|
-
MLD_XOREQ256(Co, E##ko); \
|
|
167
|
-
E##ku = MLD_XOR256(Bku, MLD_ANDNU256(Bka, Bke)); \
|
|
168
|
-
MLD_XOREQ256(Cu, E##ku); \
|
|
169
|
-
\
|
|
170
|
-
MLD_XOREQ256(A##bu, Du); \
|
|
171
|
-
MLD_ROL64IN256(Bma, A##bu, 27); \
|
|
172
|
-
MLD_XOREQ256(A##ga, Da); \
|
|
173
|
-
MLD_ROL64IN256(Bme, A##ga, 36); \
|
|
174
|
-
MLD_XOREQ256(A##ke, De); \
|
|
175
|
-
MLD_ROL64IN256(Bmi, A##ke, 10); \
|
|
176
|
-
E##ma = MLD_XOR256(Bma, MLD_ANDNU256(Bme, Bmi)); \
|
|
177
|
-
MLD_XOREQ256(Ca, E##ma); \
|
|
178
|
-
MLD_XOREQ256(A##mi, Di); \
|
|
179
|
-
MLD_ROL64IN256(Bmo, A##mi, 15); \
|
|
180
|
-
E##me = MLD_XOR256(Bme, MLD_ANDNU256(Bmi, Bmo)); \
|
|
181
|
-
MLD_XOREQ256(Ce, E##me); \
|
|
182
|
-
MLD_XOREQ256(A##so, Do); \
|
|
183
|
-
MLD_ROL64IN256_56(Bmu, A##so); \
|
|
184
|
-
E##mi = MLD_XOR256(Bmi, MLD_ANDNU256(Bmo, Bmu)); \
|
|
185
|
-
MLD_XOREQ256(Ci, E##mi); \
|
|
186
|
-
E##mo = MLD_XOR256(Bmo, MLD_ANDNU256(Bmu, Bma)); \
|
|
187
|
-
MLD_XOREQ256(Co, E##mo); \
|
|
188
|
-
E##mu = MLD_XOR256(Bmu, MLD_ANDNU256(Bma, Bme)); \
|
|
189
|
-
MLD_XOREQ256(Cu, E##mu); \
|
|
190
|
-
\
|
|
191
|
-
MLD_XOREQ256(A##bi, Di); \
|
|
192
|
-
MLD_ROL64IN256(Bsa, A##bi, 62); \
|
|
193
|
-
MLD_XOREQ256(A##go, Do); \
|
|
194
|
-
MLD_ROL64IN256(Bse, A##go, 55); \
|
|
195
|
-
MLD_XOREQ256(A##ku, Du); \
|
|
196
|
-
MLD_ROL64IN256(Bsi, A##ku, 39); \
|
|
197
|
-
E##sa = MLD_XOR256(Bsa, MLD_ANDNU256(Bse, Bsi)); \
|
|
198
|
-
MLD_XOREQ256(Ca, E##sa); \
|
|
199
|
-
MLD_XOREQ256(A##ma, Da); \
|
|
200
|
-
MLD_ROL64IN256(Bso, A##ma, 41); \
|
|
201
|
-
E##se = MLD_XOR256(Bse, MLD_ANDNU256(Bsi, Bso)); \
|
|
202
|
-
MLD_XOREQ256(Ce, E##se); \
|
|
203
|
-
MLD_XOREQ256(A##se, De); \
|
|
204
|
-
MLD_ROL64IN256(Bsu, A##se, 2); \
|
|
205
|
-
E##si = MLD_XOR256(Bsi, MLD_ANDNU256(Bso, Bsu)); \
|
|
206
|
-
MLD_XOREQ256(Ci, E##si); \
|
|
207
|
-
E##so = MLD_XOR256(Bso, MLD_ANDNU256(Bsu, Bsa)); \
|
|
208
|
-
MLD_XOREQ256(Co, E##so); \
|
|
209
|
-
E##su = MLD_XOR256(Bsu, MLD_ANDNU256(Bsa, Bse)); \
|
|
210
|
-
MLD_XOREQ256(Cu, E##su);
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
/*
|
|
214
|
-
* --- Theta Rho Pi Chi Iota
|
|
215
|
-
* --- 64-bit lanes mapped to 64-bit words
|
|
216
|
-
*/
|
|
217
|
-
#define MLD_thetaRhoPiChiIota(i, A, E) \
|
|
218
|
-
MLD_ROL64IN256(Ce1, Ce, 1); \
|
|
219
|
-
Da = MLD_XOR256(Cu, Ce1); \
|
|
220
|
-
MLD_ROL64IN256(Ci1, Ci, 1); \
|
|
221
|
-
De = MLD_XOR256(Ca, Ci1); \
|
|
222
|
-
MLD_ROL64IN256(Co1, Co, 1); \
|
|
223
|
-
Di = MLD_XOR256(Ce, Co1); \
|
|
224
|
-
MLD_ROL64IN256(Cu1, Cu, 1); \
|
|
225
|
-
Do = MLD_XOR256(Ci, Cu1); \
|
|
226
|
-
MLD_ROL64IN256(Ca1, Ca, 1); \
|
|
227
|
-
Du = MLD_XOR256(Co, Ca1); \
|
|
228
|
-
\
|
|
229
|
-
MLD_XOREQ256(A##ba, Da); \
|
|
230
|
-
Bba = A##ba; \
|
|
231
|
-
MLD_XOREQ256(A##ge, De); \
|
|
232
|
-
MLD_ROL64IN256(Bbe, A##ge, 44); \
|
|
233
|
-
MLD_XOREQ256(A##ki, Di); \
|
|
234
|
-
MLD_ROL64IN256(Bbi, A##ki, 43); \
|
|
235
|
-
E##ba = MLD_XOR256(Bba, MLD_ANDNU256(Bbe, Bbi)); \
|
|
236
|
-
MLD_XOREQ256(E##ba, MLD_CONST256_64(mld_keccakf1600RoundConstants[i])); \
|
|
237
|
-
MLD_XOREQ256(A##mo, Do); \
|
|
238
|
-
MLD_ROL64IN256(Bbo, A##mo, 21); \
|
|
239
|
-
E##be = MLD_XOR256(Bbe, MLD_ANDNU256(Bbi, Bbo)); \
|
|
240
|
-
MLD_XOREQ256(A##su, Du); \
|
|
241
|
-
MLD_ROL64IN256(Bbu, A##su, 14); \
|
|
242
|
-
E##bi = MLD_XOR256(Bbi, MLD_ANDNU256(Bbo, Bbu)); \
|
|
243
|
-
E##bo = MLD_XOR256(Bbo, MLD_ANDNU256(Bbu, Bba)); \
|
|
244
|
-
E##bu = MLD_XOR256(Bbu, MLD_ANDNU256(Bba, Bbe)); \
|
|
245
|
-
\
|
|
246
|
-
MLD_XOREQ256(A##bo, Do); \
|
|
247
|
-
MLD_ROL64IN256(Bga, A##bo, 28); \
|
|
248
|
-
MLD_XOREQ256(A##gu, Du); \
|
|
249
|
-
MLD_ROL64IN256(Bge, A##gu, 20); \
|
|
250
|
-
MLD_XOREQ256(A##ka, Da); \
|
|
251
|
-
MLD_ROL64IN256(Bgi, A##ka, 3); \
|
|
252
|
-
E##ga = MLD_XOR256(Bga, MLD_ANDNU256(Bge, Bgi)); \
|
|
253
|
-
MLD_XOREQ256(A##me, De); \
|
|
254
|
-
MLD_ROL64IN256(Bgo, A##me, 45); \
|
|
255
|
-
E##ge = MLD_XOR256(Bge, MLD_ANDNU256(Bgi, Bgo)); \
|
|
256
|
-
MLD_XOREQ256(A##si, Di); \
|
|
257
|
-
MLD_ROL64IN256(Bgu, A##si, 61); \
|
|
258
|
-
E##gi = MLD_XOR256(Bgi, MLD_ANDNU256(Bgo, Bgu)); \
|
|
259
|
-
E##go = MLD_XOR256(Bgo, MLD_ANDNU256(Bgu, Bga)); \
|
|
260
|
-
E##gu = MLD_XOR256(Bgu, MLD_ANDNU256(Bga, Bge)); \
|
|
261
|
-
\
|
|
262
|
-
MLD_XOREQ256(A##be, De); \
|
|
263
|
-
MLD_ROL64IN256(Bka, A##be, 1); \
|
|
264
|
-
MLD_XOREQ256(A##gi, Di); \
|
|
265
|
-
MLD_ROL64IN256(Bke, A##gi, 6); \
|
|
266
|
-
MLD_XOREQ256(A##ko, Do); \
|
|
267
|
-
MLD_ROL64IN256(Bki, A##ko, 25); \
|
|
268
|
-
E##ka = MLD_XOR256(Bka, MLD_ANDNU256(Bke, Bki)); \
|
|
269
|
-
MLD_XOREQ256(A##mu, Du); \
|
|
270
|
-
MLD_ROL64IN256_8(Bko, A##mu); \
|
|
271
|
-
E##ke = MLD_XOR256(Bke, MLD_ANDNU256(Bki, Bko)); \
|
|
272
|
-
MLD_XOREQ256(A##sa, Da); \
|
|
273
|
-
MLD_ROL64IN256(Bku, A##sa, 18); \
|
|
274
|
-
E##ki = MLD_XOR256(Bki, MLD_ANDNU256(Bko, Bku)); \
|
|
275
|
-
E##ko = MLD_XOR256(Bko, MLD_ANDNU256(Bku, Bka)); \
|
|
276
|
-
E##ku = MLD_XOR256(Bku, MLD_ANDNU256(Bka, Bke)); \
|
|
277
|
-
\
|
|
278
|
-
MLD_XOREQ256(A##bu, Du); \
|
|
279
|
-
MLD_ROL64IN256(Bma, A##bu, 27); \
|
|
280
|
-
MLD_XOREQ256(A##ga, Da); \
|
|
281
|
-
MLD_ROL64IN256(Bme, A##ga, 36); \
|
|
282
|
-
MLD_XOREQ256(A##ke, De); \
|
|
283
|
-
MLD_ROL64IN256(Bmi, A##ke, 10); \
|
|
284
|
-
E##ma = MLD_XOR256(Bma, MLD_ANDNU256(Bme, Bmi)); \
|
|
285
|
-
MLD_XOREQ256(A##mi, Di); \
|
|
286
|
-
MLD_ROL64IN256(Bmo, A##mi, 15); \
|
|
287
|
-
E##me = MLD_XOR256(Bme, MLD_ANDNU256(Bmi, Bmo)); \
|
|
288
|
-
MLD_XOREQ256(A##so, Do); \
|
|
289
|
-
MLD_ROL64IN256_56(Bmu, A##so); \
|
|
290
|
-
E##mi = MLD_XOR256(Bmi, MLD_ANDNU256(Bmo, Bmu)); \
|
|
291
|
-
E##mo = MLD_XOR256(Bmo, MLD_ANDNU256(Bmu, Bma)); \
|
|
292
|
-
E##mu = MLD_XOR256(Bmu, MLD_ANDNU256(Bma, Bme)); \
|
|
293
|
-
\
|
|
294
|
-
MLD_XOREQ256(A##bi, Di); \
|
|
295
|
-
MLD_ROL64IN256(Bsa, A##bi, 62); \
|
|
296
|
-
MLD_XOREQ256(A##go, Do); \
|
|
297
|
-
MLD_ROL64IN256(Bse, A##go, 55); \
|
|
298
|
-
MLD_XOREQ256(A##ku, Du); \
|
|
299
|
-
MLD_ROL64IN256(Bsi, A##ku, 39); \
|
|
300
|
-
E##sa = MLD_XOR256(Bsa, MLD_ANDNU256(Bse, Bsi)); \
|
|
301
|
-
MLD_XOREQ256(A##ma, Da); \
|
|
302
|
-
MLD_ROL64IN256(Bso, A##ma, 41); \
|
|
303
|
-
E##se = MLD_XOR256(Bse, MLD_ANDNU256(Bsi, Bso)); \
|
|
304
|
-
MLD_XOREQ256(A##se, De); \
|
|
305
|
-
MLD_ROL64IN256(Bsu, A##se, 2); \
|
|
306
|
-
E##si = MLD_XOR256(Bsi, MLD_ANDNU256(Bso, Bsu)); \
|
|
307
|
-
E##so = MLD_XOR256(Bso, MLD_ANDNU256(Bsu, Bsa)); \
|
|
308
|
-
E##su = MLD_XOR256(Bsu, MLD_ANDNU256(Bsa, Bse));
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
static MLD_ALIGN const uint64_t mld_keccakf1600RoundConstants[24] = {
|
|
312
|
-
(uint64_t)0x0000000000000001ULL, (uint64_t)0x0000000000008082ULL,
|
|
313
|
-
(uint64_t)0x800000000000808aULL, (uint64_t)0x8000000080008000ULL,
|
|
314
|
-
(uint64_t)0x000000000000808bULL, (uint64_t)0x0000000080000001ULL,
|
|
315
|
-
(uint64_t)0x8000000080008081ULL, (uint64_t)0x8000000000008009ULL,
|
|
316
|
-
(uint64_t)0x000000000000008aULL, (uint64_t)0x0000000000000088ULL,
|
|
317
|
-
(uint64_t)0x0000000080008009ULL, (uint64_t)0x000000008000000aULL,
|
|
318
|
-
(uint64_t)0x000000008000808bULL, (uint64_t)0x800000000000008bULL,
|
|
319
|
-
(uint64_t)0x8000000000008089ULL, (uint64_t)0x8000000000008003ULL,
|
|
320
|
-
(uint64_t)0x8000000000008002ULL, (uint64_t)0x8000000000000080ULL,
|
|
321
|
-
(uint64_t)0x000000000000800aULL, (uint64_t)0x800000008000000aULL,
|
|
322
|
-
(uint64_t)0x8000000080008081ULL, (uint64_t)0x8000000000008080ULL,
|
|
323
|
-
(uint64_t)0x0000000080000001ULL, (uint64_t)0x8000000080008008ULL};
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
#define MLD_COPY_FROM_STATE(X, state) \
|
|
327
|
-
do \
|
|
328
|
-
{ \
|
|
329
|
-
const uint64_t *state64 = (const uint64_t *)(state); \
|
|
330
|
-
__m256i _idx = \
|
|
331
|
-
_mm256_set_epi64x((long long)&state64[75], (long long)&state64[50], \
|
|
332
|
-
(long long)&state64[25], (long long)&state64[0]); \
|
|
333
|
-
X##ba = _mm256_i64gather_epi64((long long *)(0 * 8), _idx, 1); \
|
|
334
|
-
X##be = _mm256_i64gather_epi64((long long *)(1 * 8), _idx, 1); \
|
|
335
|
-
X##bi = _mm256_i64gather_epi64((long long *)(2 * 8), _idx, 1); \
|
|
336
|
-
X##bo = _mm256_i64gather_epi64((long long *)(3 * 8), _idx, 1); \
|
|
337
|
-
X##bu = _mm256_i64gather_epi64((long long *)(4 * 8), _idx, 1); \
|
|
338
|
-
X##ga = _mm256_i64gather_epi64((long long *)(5 * 8), _idx, 1); \
|
|
339
|
-
X##ge = _mm256_i64gather_epi64((long long *)(6 * 8), _idx, 1); \
|
|
340
|
-
X##gi = _mm256_i64gather_epi64((long long *)(7 * 8), _idx, 1); \
|
|
341
|
-
X##go = _mm256_i64gather_epi64((long long *)(8 * 8), _idx, 1); \
|
|
342
|
-
X##gu = _mm256_i64gather_epi64((long long *)(9 * 8), _idx, 1); \
|
|
343
|
-
X##ka = _mm256_i64gather_epi64((long long *)(10 * 8), _idx, 1); \
|
|
344
|
-
X##ke = _mm256_i64gather_epi64((long long *)(11 * 8), _idx, 1); \
|
|
345
|
-
X##ki = _mm256_i64gather_epi64((long long *)(12 * 8), _idx, 1); \
|
|
346
|
-
X##ko = _mm256_i64gather_epi64((long long *)(13 * 8), _idx, 1); \
|
|
347
|
-
X##ku = _mm256_i64gather_epi64((long long *)(14 * 8), _idx, 1); \
|
|
348
|
-
X##ma = _mm256_i64gather_epi64((long long *)(15 * 8), _idx, 1); \
|
|
349
|
-
X##me = _mm256_i64gather_epi64((long long *)(16 * 8), _idx, 1); \
|
|
350
|
-
X##mi = _mm256_i64gather_epi64((long long *)(17 * 8), _idx, 1); \
|
|
351
|
-
X##mo = _mm256_i64gather_epi64((long long *)(18 * 8), _idx, 1); \
|
|
352
|
-
X##mu = _mm256_i64gather_epi64((long long *)(19 * 8), _idx, 1); \
|
|
353
|
-
X##sa = _mm256_i64gather_epi64((long long *)(20 * 8), _idx, 1); \
|
|
354
|
-
X##se = _mm256_i64gather_epi64((long long *)(21 * 8), _idx, 1); \
|
|
355
|
-
X##si = _mm256_i64gather_epi64((long long *)(22 * 8), _idx, 1); \
|
|
356
|
-
X##so = _mm256_i64gather_epi64((long long *)(23 * 8), _idx, 1); \
|
|
357
|
-
X##su = _mm256_i64gather_epi64((long long *)(24 * 8), _idx, 1); \
|
|
358
|
-
} while (0);
|
|
359
|
-
|
|
360
|
-
#define MLD_SCATTER_STORE256(state, idx, v) \
|
|
361
|
-
do \
|
|
362
|
-
{ \
|
|
363
|
-
const uint64_t *state64 = (const uint64_t *)(state); \
|
|
364
|
-
__m128d t = _mm_castsi128_pd(_mm256_castsi256_si128((v))); \
|
|
365
|
-
_mm_storel_pd((double *)&state64[0 + (idx)], t); \
|
|
366
|
-
_mm_storeh_pd((double *)&state64[25 + (idx)], t); \
|
|
367
|
-
t = _mm_castsi128_pd(_mm256_extracti128_si256((v), 1)); \
|
|
368
|
-
_mm_storel_pd((double *)&state64[50 + (idx)], t); \
|
|
369
|
-
_mm_storeh_pd((double *)&state64[75 + (idx)], t); \
|
|
370
|
-
} while (0)
|
|
371
|
-
|
|
372
|
-
#define MLD_COPY_TO_STATE(state, X) \
|
|
373
|
-
MLD_SCATTER_STORE256(state, 0, X##ba); \
|
|
374
|
-
MLD_SCATTER_STORE256(state, 1, X##be); \
|
|
375
|
-
MLD_SCATTER_STORE256(state, 2, X##bi); \
|
|
376
|
-
MLD_SCATTER_STORE256(state, 3, X##bo); \
|
|
377
|
-
MLD_SCATTER_STORE256(state, 4, X##bu); \
|
|
378
|
-
MLD_SCATTER_STORE256(state, 5, X##ga); \
|
|
379
|
-
MLD_SCATTER_STORE256(state, 6, X##ge); \
|
|
380
|
-
MLD_SCATTER_STORE256(state, 7, X##gi); \
|
|
381
|
-
MLD_SCATTER_STORE256(state, 8, X##go); \
|
|
382
|
-
MLD_SCATTER_STORE256(state, 9, X##gu); \
|
|
383
|
-
MLD_SCATTER_STORE256(state, 10, X##ka); \
|
|
384
|
-
MLD_SCATTER_STORE256(state, 11, X##ke); \
|
|
385
|
-
MLD_SCATTER_STORE256(state, 12, X##ki); \
|
|
386
|
-
MLD_SCATTER_STORE256(state, 13, X##ko); \
|
|
387
|
-
MLD_SCATTER_STORE256(state, 14, X##ku); \
|
|
388
|
-
MLD_SCATTER_STORE256(state, 15, X##ma); \
|
|
389
|
-
MLD_SCATTER_STORE256(state, 16, X##me); \
|
|
390
|
-
MLD_SCATTER_STORE256(state, 17, X##mi); \
|
|
391
|
-
MLD_SCATTER_STORE256(state, 18, X##mo); \
|
|
392
|
-
MLD_SCATTER_STORE256(state, 19, X##mu); \
|
|
393
|
-
MLD_SCATTER_STORE256(state, 20, X##sa); \
|
|
394
|
-
MLD_SCATTER_STORE256(state, 21, X##se); \
|
|
395
|
-
MLD_SCATTER_STORE256(state, 22, X##si); \
|
|
396
|
-
MLD_SCATTER_STORE256(state, 23, X##so); \
|
|
397
|
-
MLD_SCATTER_STORE256(state, 24, X##su);
|
|
398
|
-
|
|
399
|
-
#define MLD_COPY_STATE_VARIABLES(X, Y) \
|
|
400
|
-
X##ba = Y##ba; \
|
|
401
|
-
X##be = Y##be; \
|
|
402
|
-
X##bi = Y##bi; \
|
|
403
|
-
X##bo = Y##bo; \
|
|
404
|
-
X##bu = Y##bu; \
|
|
405
|
-
X##ga = Y##ga; \
|
|
406
|
-
X##ge = Y##ge; \
|
|
407
|
-
X##gi = Y##gi; \
|
|
408
|
-
X##go = Y##go; \
|
|
409
|
-
X##gu = Y##gu; \
|
|
410
|
-
X##ka = Y##ka; \
|
|
411
|
-
X##ke = Y##ke; \
|
|
412
|
-
X##ki = Y##ki; \
|
|
413
|
-
X##ko = Y##ko; \
|
|
414
|
-
X##ku = Y##ku; \
|
|
415
|
-
X##ma = Y##ma; \
|
|
416
|
-
X##me = Y##me; \
|
|
417
|
-
X##mi = Y##mi; \
|
|
418
|
-
X##mo = Y##mo; \
|
|
419
|
-
X##mu = Y##mu; \
|
|
420
|
-
X##sa = Y##sa; \
|
|
421
|
-
X##se = Y##se; \
|
|
422
|
-
X##si = Y##si; \
|
|
423
|
-
X##so = Y##so; \
|
|
424
|
-
X##su = Y##su;
|
|
425
|
-
|
|
426
|
-
/* clang-format off */
|
|
427
|
-
#define MLD_ROUNDS24 \
|
|
428
|
-
MLD_prepareTheta \
|
|
429
|
-
MLD_thetaRhoPiChiIotaPrepareTheta( 0, A, E) \
|
|
430
|
-
MLD_thetaRhoPiChiIotaPrepareTheta( 1, E, A) \
|
|
431
|
-
MLD_thetaRhoPiChiIotaPrepareTheta( 2, A, E) \
|
|
432
|
-
MLD_thetaRhoPiChiIotaPrepareTheta( 3, E, A) \
|
|
433
|
-
MLD_thetaRhoPiChiIotaPrepareTheta( 4, A, E) \
|
|
434
|
-
MLD_thetaRhoPiChiIotaPrepareTheta( 5, E, A) \
|
|
435
|
-
MLD_thetaRhoPiChiIotaPrepareTheta( 6, A, E) \
|
|
436
|
-
MLD_thetaRhoPiChiIotaPrepareTheta( 7, E, A) \
|
|
437
|
-
MLD_thetaRhoPiChiIotaPrepareTheta( 8, A, E) \
|
|
438
|
-
MLD_thetaRhoPiChiIotaPrepareTheta( 9, E, A) \
|
|
439
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(10, A, E) \
|
|
440
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(11, E, A) \
|
|
441
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(12, A, E) \
|
|
442
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(13, E, A) \
|
|
443
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(14, A, E) \
|
|
444
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(15, E, A) \
|
|
445
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(16, A, E) \
|
|
446
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(17, E, A) \
|
|
447
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(18, A, E) \
|
|
448
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(19, E, A) \
|
|
449
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(20, A, E) \
|
|
450
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(21, E, A) \
|
|
451
|
-
MLD_thetaRhoPiChiIotaPrepareTheta(22, A, E) \
|
|
452
|
-
MLD_thetaRhoPiChiIota(23, E, A)
|
|
453
|
-
/* clang-format on */
|
|
454
|
-
|
|
455
|
-
void mld_keccakf1600x4_permute24(void *states)
|
|
456
|
-
{
|
|
457
|
-
__m256i *statesAsLanes = (__m256i *)states;
|
|
458
|
-
MLD_DECLARE_ABCDE MLD_COPY_FROM_STATE(A, statesAsLanes)
|
|
459
|
-
MLD_ROUNDS24 MLD_COPY_TO_STATE(statesAsLanes, A)
|
|
460
|
-
}
|
|
461
|
-
|
|
462
|
-
#else /* MLD_FIPS202_X86_64_XKCP && !MLD_CONFIG_MULTILEVEL_NO_SHARED */
|
|
463
|
-
|
|
464
|
-
MLD_EMPTY_CU(fips202_avx2_keccakx4)
|
|
465
|
-
|
|
466
|
-
#endif /* !(MLD_FIPS202_X86_64_XKCP && !MLD_CONFIG_MULTILEVEL_NO_SHARED) */
|
|
467
|
-
|
|
468
|
-
/* To facilitate single-compilation-unit (SCU) builds, undefine all macros.
|
|
469
|
-
* Don't modify by hand -- this is auto-generated by scripts/autogen. */
|
|
470
|
-
#undef MLD_ANDNU256
|
|
471
|
-
#undef MLD_CONST256
|
|
472
|
-
#undef MLD_CONST256_64
|
|
473
|
-
#undef MLD_ROL64IN256
|
|
474
|
-
#undef MLD_ROL64IN256_8
|
|
475
|
-
#undef MLD_ROL64IN256_56
|
|
476
|
-
#undef MLD_STORE256
|
|
477
|
-
#undef MLD_XOR256
|
|
478
|
-
#undef MLD_XOREQ256
|
|
479
|
-
#undef MLD_SNP_LANELENGTHINBYTES
|
|
480
|
-
#undef MLD_DECLARE_ABCDE
|
|
481
|
-
#undef MLD_prepareTheta
|
|
482
|
-
#undef MLD_thetaRhoPiChiIotaPrepareTheta
|
|
483
|
-
#undef MLD_thetaRhoPiChiIota
|
|
484
|
-
#undef MLD_COPY_FROM_STATE
|
|
485
|
-
#undef MLD_SCATTER_STORE256
|
|
486
|
-
#undef MLD_COPY_TO_STATE
|
|
487
|
-
#undef MLD_COPY_STATE_VARIABLES
|
|
488
|
-
#undef MLD_ROUNDS24
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
/*
|
|
2
|
-
* Copyright (c) The mlkem-native project authors
|
|
3
|
-
* Copyright (c) The mldsa-native project authors
|
|
4
|
-
* SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
|
|
5
|
-
*/
|
|
6
|
-
|
|
7
|
-
#ifndef MLD_FIPS202_NATIVE_X86_64_SRC_KECCAKP_1600_TIMES4_SIMD256_H
|
|
8
|
-
#define MLD_FIPS202_NATIVE_X86_64_SRC_KECCAKP_1600_TIMES4_SIMD256_H
|
|
9
|
-
|
|
10
|
-
#include "../../../../common.h"
|
|
11
|
-
|
|
12
|
-
#define mld_keccakf1600x4_permute24 \
|
|
13
|
-
MLD_NAMESPACE(KeccakP1600times4_PermuteAll_24rounds)
|
|
14
|
-
void mld_keccakf1600x4_permute24(void *states);
|
|
15
|
-
|
|
16
|
-
#endif /* !MLD_FIPS202_NATIVE_X86_64_SRC_KECCAKP_1600_TIMES4_SIMD256_H */
|