#ifndef PERMUTATIONS_H_
#define PERMUTATIONS_H_

#include <stdint.h>

#include "api.h"
#include "ascon.h"
#include "config.h"
#include "printstate.h"
#include "round.h"

/* Key lengths in bytes for the three AEAD parameter sets named here. */
#define ASCON_128_KEYBYTES 16
#define ASCON_128A_KEYBYTES 16
#define ASCON_80PQ_KEYBYTES 20

/* Rate (bytes absorbed/squeezed per block) for Ascon-128 and Ascon-128a. */
#define ASCON_128_RATE 8
#define ASCON_128A_RATE 16

/*
 * Round counts. The values 12, 6 and 8 are exactly the ones P() below
 * dispatches on; any other value passed to P() runs no permutation at all.
 */
#define ASCON_128_PA_ROUNDS 12
#define ASCON_128_PB_ROUNDS 6
#define ASCON_128A_PB_ROUNDS 8

/* Hash output length in bytes. */
#define ASCON_HASH_BYTES 32

/*
 * Initialisation vectors. For the AEAD variants the top four bytes equal the
 * parameters above written as key bits, rate bits, PA rounds and PB rounds
 * (e.g. 0x80 0x40 0x0c 0x06 for Ascon-128: 128-bit key, 64-bit rate, 12/6
 * rounds). WORD_T is defined outside this header.
 */
#define ASCON_128_IV WORD_T(0x80400c0600000000ull)
#define ASCON_128A_IV WORD_T(0x80800c0800000000ull)
#define ASCON_80PQ_IV WORD_T(0xa0400c0600000000ull)
#define ASCON_HASH_IV WORD_T(0x00400c0000000100ull)
#define ASCON_XOF_IV WORD_T(0x00400c0000000000ull)

/*
 * Five-word constants for the hash. Presumably the precomputed initial state
 * (ASCON_HASH_IV after one 12-round permutation), letting initialisation skip
 * that permutation call -- confirm against the hash implementation.
 */
#define ASCON_HASH_IV0 WORD_T(0xee9398aadb67f03dull)
#define ASCON_HASH_IV1 WORD_T(0x8bb21831c60f1002ull)
#define ASCON_HASH_IV2 WORD_T(0xb48a92db98d5da62ull)
#define ASCON_HASH_IV3 WORD_T(0x43189921b8f8e3e8ull)
#define ASCON_HASH_IV4 WORD_T(0x348fa5c9d525e140ull)

/* Same layout for the XOF; presumably its precomputed initial state -- confirm. */
#define ASCON_XOF_IV0 WORD_T(0xb57e273b814cd416ull)
#define ASCON_XOF_IV1 WORD_T(0x2b51042562ae2420ull)
#define ASCON_XOF_IV2 WORD_T(0x66a3a7768ddf2218ull)
#define ASCON_XOF_IV3 WORD_T(0x5aad0a7a8153650cull)
#define ASCON_XOF_IV4 WORD_T(0x4f3e0e32539493b6ull)

/*
 * START(n) packs (3 + n) into bits 4 and up and ORs in (12 - n); RC(c) wraps a
 * constant with WORD_T. Neither is referenced by the code shown in this header.
 */
#define START(n) ((3 + (n)) << 4 | (12 - (n)))
#define RC(c) WORD_T(c)

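/*
 * Round-constant table handed to the inline asm in P12/P8/P6 through the [C]
 * operand. Each entry is the bitwise complement of an 8-bit round constant
 * (0xf0, 0xe1, ..., 0x4b) widened to 64 bits, i.e. C[i] == ~(uint64_t)rc_i.
 * Presumably the complemented form pairs with the "vmvn d2, d2" inversion
 * around the rounds -- confirm against ROUND in round.h.
 *
 * Declared static because this is a definition inside a header: with external
 * linkage every translation unit including the header would define its own
 * global symbol named C, and linking two of them together fails with a
 * duplicate definition. Internal linkage also keeps the very generic name C
 * out of the global namespace.
 */
static const uint64_t C[12] = {
    0xffffffffffffff0full, /* ~0xf0 */
    0xffffffffffffff1eull, /* ~0xe1 */
    0xffffffffffffff2dull, /* ~0xd2 */
    0xffffffffffffff3cull, /* ~0xc3 */
    0xffffffffffffff4bull, /* ~0xb4 */
    0xffffffffffffff5aull, /* ~0xa5 */
    0xffffffffffffff69ull, /* ~0x96 */
    0xffffffffffffff78ull, /* ~0x87 */
    0xffffffffffffff87ull, /* ~0x78 */
    0xffffffffffffff96ull, /* ~0x69 */
    0xffffffffffffffa5ull, /* ~0x5a */
    0xffffffffffffffb4ull, /* ~0x4b */
};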

/*
 * Round sequences spliced into the inline-asm templates of P12/P8/P6.
 * Each expands to a run of ROUND(x) invocations; ROUND is defined outside this
 * header. The arguments step by 8 from 0 to 88, which matches the byte offsets
 * of the twelve 8-byte entries of C -- presumably ROUND loads its round
 * constant from [C] + x; confirm in round.h. The parameter s is not used in
 * any of the expansions.
 */
#define P12ROUNDS(s) \
  ROUND(0)           \
  ROUND(8)           \
  ROUND(16)          \
  ROUND(24)          \
  ROUND(32)          \
  ROUND(40)          \
  ROUND(48)          \
  ROUND(56)          \
  ROUND(64)          \
  ROUND(72)          \
  ROUND(80)          \
  ROUND(88)

/* Eight rounds: the last eight arguments of P12ROUNDS (32 through 88). */
#define P8ROUNDS(s) \
  ROUND(32)         \
  ROUND(40)         \
  ROUND(48)         \
  ROUND(56)         \
  ROUND(64)         \
  ROUND(72)         \
  ROUND(80)         \
  ROUND(88)

/* Six rounds: the last six arguments of P12ROUNDS (48 through 88). */
#define P6ROUNDS(s) \
  ROUND(48)         \
  ROUND(56)         \
  ROUND(64)         \
  ROUND(72)         \
  ROUND(80)         \
  ROUND(88)

/*
 * Applies the 12-round permutation in place to the five 64-bit words at s.
 *
 * The words are loaded into NEON registers d0-d4, d2 is bitwise-inverted
 * before and after the rounds, and d0-d4 are written back to s. The round
 * bodies come from P12ROUNDS, i.e. twelve ROUND() expansions defined outside
 * this header; C is passed in as the [C] operand for them.
 *
 * NOTE(review): the clobber list (d10-d14, d20-d24, d31) has to cover every
 * register ROUND touches -- confirm against round.h.
 * NOTE(review): ".arm" switches the assembler mode and is not switched back
 * here; presumably this file is always built in ARM (not Thumb) mode -- confirm.
 * The permuted state remains in d0-d4 on return; nothing here clears it, so
 * key-dependent values stay in NEON registers until they are overwritten.
 */
forceinline void P12(state_t* s) {
  __asm__ __volatile__(
      ".arm \n\t"
      ".fpu neon \n\t"
      "vldm %[s], {d0-d4} \n\t" /* load the five state words */
      "vmvn d2, d2 \n\t"        /* invert d2 for the duration of the rounds */
      P12ROUNDS(s)
      "vmvn d2, d2 \n\t"        /* undo the inversion */
      "vstm %[s], {d0-d4} \n\t" /* store the state back through s */
      : /* no outputs: memory is written via s, covered by "memory" below */
      : [s] "r"(s), [C] "r"(C)
      : "d0", "d1", "d2", "d3", "d4",
        "d10", "d11", "d12", "d13", "d14",
        "d20", "d21", "d22", "d23", "d24",
        "d31", "memory");
}

/*
 * Applies the 8-round permutation in place to the five 64-bit words at s.
 *
 * Same frame as the 12-round variant: load d0-d4 from s, invert d2, run the
 * P8ROUNDS expansion (eight ROUND() bodies, defined outside this header),
 * invert d2 again and store d0-d4 back. C is supplied as the [C] operand.
 *
 * NOTE(review): the clobber list must match the registers ROUND uses, and
 * ".arm" is not switched back after the block -- confirm both against
 * round.h and the build flags.
 * The permuted state remains in d0-d4 on return; nothing here clears it.
 */
forceinline void P8(state_t* s) {
  __asm__ __volatile__(
      ".arm \n\t"
      ".fpu neon \n\t"
      "vldm %[s], {d0-d4} \n\t" /* load the five state words */
      "vmvn d2, d2 \n\t"        /* invert d2 for the duration of the rounds */
      P8ROUNDS(s)
      "vmvn d2, d2 \n\t"        /* undo the inversion */
      "vstm %[s], {d0-d4} \n\t" /* store the state back through s */
      : /* no outputs: memory is written via s, covered by "memory" below */
      : [s] "r"(s), [C] "r"(C)
      : "d0", "d1", "d2", "d3", "d4",
        "d10", "d11", "d12", "d13", "d14",
        "d20", "d21", "d22", "d23", "d24",
        "d31", "memory");
}

/*
 * Applies the 6-round permutation in place to the five 64-bit words at s.
 *
 * Same frame as the 12- and 8-round variants: load d0-d4 from s, invert d2,
 * run the P6ROUNDS expansion (six ROUND() bodies, defined outside this
 * header), invert d2 again and store d0-d4 back. C is the [C] operand.
 *
 * NOTE(review): the clobber list must match the registers ROUND uses, and
 * ".arm" is not switched back after the block -- confirm both against
 * round.h and the build flags.
 * The permuted state remains in d0-d4 on return; nothing here clears it.
 */
forceinline void P6(state_t* s) {
  __asm__ __volatile__(
      ".arm \n\t"
      ".fpu neon \n\t"
      "vldm %[s], {d0-d4} \n\t" /* load the five state words */
      "vmvn d2, d2 \n\t"        /* invert d2 for the duration of the rounds */
      P6ROUNDS(s)
      "vmvn d2, d2 \n\t"        /* undo the inversion */
      "vstm %[s], {d0-d4} \n\t" /* store the state back through s */
      : /* no outputs: memory is written via s, covered by "memory" below */
      : [s] "r"(s), [C] "r"(C)
      : "d0", "d1", "d2", "d3", "d4",
        "d10", "d11", "d12", "d13", "d14",
        "d20", "d21", "d22", "d23", "d24",
        "d31", "memory");
}

/*
 * Runs the permutation with nr rounds on the state at s, in place.
 *
 * Only nr == 12, 8 or 6 select a permutation (P12, P8, P6).
 *
 * NOTE(review): any other nr returns with the state untouched and gives the
 * caller no indication. For a cipher state that is a fail-open outcome (the
 * mixing step is silently skipped), so callers must pass only the
 * ASCON_*_ROUNDS constants; consider making the default case fail closed.
 */
forceinline void P(state_t* s, int nr) {
  switch (nr) {
    case 12:
      P12(s);
      break;
    case 8:
      P8(s);
      break;
    case 6:
      P6(s);
      break;
    default:
      /* Unsupported round count: the state is left as it was. */
      break;
  }
}

#endif /* PERMUTATIONS_H_ */