authorPeter Dettman <peter.dettman@bouncycastle.org>2022-10-25 19:38:49 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2022-10-25 19:38:49 +0700
commit8635ad5595ee90d0fdcff102a5a43e8f52c2863c (patch)
treeb7bc3a4de03a735251d53c58734021c681f8bf48
parentRemove unnecessary intrinsic usage (diff)
downloadBouncyCastle.NET-ed25519-8635ad5595ee90d0fdcff102a5a43e8f52c2863c.tar.xz
Refactoring in Keccak code
-rw-r--r--crypto/src/crypto/digests/KeccakDigest.cs58
-rw-r--r--crypto/src/pqc/crypto/hqc/HqcKeccakRandomGenerator.cs140
-rw-r--r--crypto/src/pqc/crypto/hqc/Utils.cs7
3 files changed, 90 insertions, 115 deletions
diff --git a/crypto/src/crypto/digests/KeccakDigest.cs b/crypto/src/crypto/digests/KeccakDigest.cs
index b8305cc13..9f4a36b88 100644
--- a/crypto/src/crypto/digests/KeccakDigest.cs
+++ b/crypto/src/crypto/digests/KeccakDigest.cs
@@ -407,11 +407,11 @@ namespace Org.BouncyCastle.Crypto.Digests
                 ulong c3 = a03 ^ a08 ^ a13 ^ a18 ^ a23;
                 ulong c4 = a04 ^ a09 ^ a14 ^ a19 ^ a24;
 
-                ulong d1 = (c1 << 1 | c1 >> -1) ^ c4;
-                ulong d2 = (c2 << 1 | c2 >> -1) ^ c0;
-                ulong d3 = (c3 << 1 | c3 >> -1) ^ c1;
-                ulong d4 = (c4 << 1 | c4 >> -1) ^ c2;
-                ulong d0 = (c0 << 1 | c0 >> -1) ^ c3;
+                ulong d1 = Longs.RotateLeft(c1, 1) ^ c4;
+                ulong d2 = Longs.RotateLeft(c2, 1) ^ c0;
+                ulong d3 = Longs.RotateLeft(c3, 1) ^ c1;
+                ulong d4 = Longs.RotateLeft(c4, 1) ^ c2;
+                ulong d0 = Longs.RotateLeft(c0, 1) ^ c3;
 
                 a00 ^= d1; a05 ^= d1; a10 ^= d1; a15 ^= d1; a20 ^= d1;
                 a01 ^= d2; a06 ^= d2; a11 ^= d2; a16 ^= d2; a21 ^= d2;
@@ -420,30 +420,30 @@ namespace Org.BouncyCastle.Crypto.Digests
                 a04 ^= d0; a09 ^= d0; a14 ^= d0; a19 ^= d0; a24 ^= d0;
 
                 // rho/pi
-                c1  = a01 <<  1 | a01 >> 63;
-                a01 = a06 << 44 | a06 >> 20;
-                a06 = a09 << 20 | a09 >> 44;
-                a09 = a22 << 61 | a22 >>  3;
-                a22 = a14 << 39 | a14 >> 25;
-                a14 = a20 << 18 | a20 >> 46;
-                a20 = a02 << 62 | a02 >>  2;
-                a02 = a12 << 43 | a12 >> 21;
-                a12 = a13 << 25 | a13 >> 39;
-                a13 = a19 <<  8 | a19 >> 56;
-                a19 = a23 << 56 | a23 >>  8;
-                a23 = a15 << 41 | a15 >> 23;
-                a15 = a04 << 27 | a04 >> 37;
-                a04 = a24 << 14 | a24 >> 50;
-                a24 = a21 <<  2 | a21 >> 62;
-                a21 = a08 << 55 | a08 >>  9;
-                a08 = a16 << 45 | a16 >> 19;
-                a16 = a05 << 36 | a05 >> 28;
-                a05 = a03 << 28 | a03 >> 36;
-                a03 = a18 << 21 | a18 >> 43;
-                a18 = a17 << 15 | a17 >> 49;
-                a17 = a11 << 10 | a11 >> 54;
-                a11 = a07 <<  6 | a07 >> 58;
-                a07 = a10 <<  3 | a10 >> 61;
+                c1  = Longs.RotateLeft(a01,  1);
+                a01 = Longs.RotateLeft(a06, 44);
+                a06 = Longs.RotateLeft(a09, 20);
+                a09 = Longs.RotateLeft(a22, 61);
+                a22 = Longs.RotateLeft(a14, 39);
+                a14 = Longs.RotateLeft(a20, 18);
+                a20 = Longs.RotateLeft(a02, 62);
+                a02 = Longs.RotateLeft(a12, 43);
+                a12 = Longs.RotateLeft(a13, 25);
+                a13 = Longs.RotateLeft(a19,  8);
+                a19 = Longs.RotateLeft(a23, 56);
+                a23 = Longs.RotateLeft(a15, 41);
+                a15 = Longs.RotateLeft(a04, 27);
+                a04 = Longs.RotateLeft(a24, 14);
+                a24 = Longs.RotateLeft(a21,  2);
+                a21 = Longs.RotateLeft(a08, 55);
+                a08 = Longs.RotateLeft(a16, 45);
+                a16 = Longs.RotateLeft(a05, 36);
+                a05 = Longs.RotateLeft(a03, 28);
+                a03 = Longs.RotateLeft(a18, 21);
+                a18 = Longs.RotateLeft(a17, 15);
+                a17 = Longs.RotateLeft(a11, 10);
+                a11 = Longs.RotateLeft(a07,  6);
+                a07 = Longs.RotateLeft(a10,  3);
                 a10 = c1;
 
                 // chi
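Review bot: The rewritten rho/pi block records neither that the 24 rotation distances are the Keccak rho offsets nor that the assignment order is the pi lane permutation, and `c1` is silently reused as scratch to carry the rotated `a01` until `a10 = c1` at the end of the block, so a reader has nothing to check the refactor against other than the test vectors. A one-line comment above it, `// rho/pi: rotate each lane by its rho offset and write it to its pi destination; c1 carries rot(a01, 1) until it lands in a10`, would make the intent reviewable. The old form relied on C# masking a negative or out-of-range shift count to the low six bits, whereas `Longs.RotateLeft` states the operation directly, which is an improvement, but the equivalence is only as good as the offsets typed here; the existing SHA-3/SHAKE known-answer tests should be re-run on this change. The enclosing permutation method starts before this hunk and its chi/iota steps follow it.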
diff --git a/crypto/src/pqc/crypto/hqc/HqcKeccakRandomGenerator.cs b/crypto/src/pqc/crypto/hqc/HqcKeccakRandomGenerator.cs
index 655abb82f..090f5a9c0 100644
--- a/crypto/src/pqc/crypto/hqc/HqcKeccakRandomGenerator.cs
+++ b/crypto/src/pqc/crypto/hqc/HqcKeccakRandomGenerator.cs
@@ -6,12 +6,15 @@ namespace Org.BouncyCastle.Pqc.Crypto.Hqc
 {
     internal class HqcKeccakRandomGenerator
     {
-        private static ulong[] KeccakRoundConstants = new ulong[]{0x0000000000000001L, 0x0000000000008082L,
-        0x800000000000808aL, 0x8000000080008000L, 0x000000000000808bL, 0x0000000080000001L, 0x8000000080008081L,
-        0x8000000000008009L, 0x000000000000008aL, 0x0000000000000088L, 0x0000000080008009L, 0x000000008000000aL,
-        0x000000008000808bL, 0x800000000000008bL, 0x8000000000008089L, 0x8000000000008003L, 0x8000000000008002L,
-        0x8000000000000080L, 0x000000000000800aL, 0x800000008000000aL, 0x8000000080008081L, 0x8000000000008080L,
-        0x0000000080000001L, 0x8000000080008008L};
+        private static readonly ulong[] KeccakRoundConstants =
+        {
+            0x0000000000000001L, 0x0000000000008082L, 0x800000000000808aL, 0x8000000080008000L,
+            0x000000000000808bL, 0x0000000080000001L, 0x8000000080008081L, 0x8000000000008009L,
+            0x000000000000008aL, 0x0000000000000088L, 0x0000000080008009L, 0x000000008000000aL,
+            0x000000008000808bL, 0x800000000000008bL, 0x8000000000008089L, 0x8000000000008003L,
+            0x8000000000008002L, 0x8000000000000080L, 0x000000000000800aL, 0x800000008000000aL,
+            0x8000000080008081L, 0x8000000000008080L, 0x0000000080000001L, 0x8000000080008008L
+        };
 
         protected long[] state = new long[26];
         protected byte[] dataQueue = new byte[192];
@@ -34,42 +37,41 @@ namespace Org.BouncyCastle.Pqc.Crypto.Hqc
         {
             switch (bitLength)
             {
-                case 128:
-                case 224:
-                case 256:
-                case 288:
-                case 384:
-                case 512:
-                    InitSponge(1600 - (bitLength << 1));
-                    break;
-                default:
-                    throw new ArgumentException("bitLength must be one of 128, 224, 256, 288, 384, or 512.");
+            case 128:
+            case 224:
+            case 256:
+            case 288:
+            case 384:
+            case 512:
+                InitSponge(1600 - (bitLength << 1));
+                break;
+            default:
+                throw new ArgumentException("bitLength must be one of 128, 224, 256, 288, 384, or 512.");
             }
         }
 
         private void InitSponge(int rate)
         {
             if ((rate <= 0) || (rate >= 1600) || ((rate % 64) != 0))
-            {
                 throw new InvalidOperationException("invalid rate value");
-            }
 
             this.rate = rate;
             for (int i = 0; i < state.Length; ++i)
             {
                 state[i] = 0L;
             }
-            Arrays.Fill(this.dataQueue, (byte)0);
+            Arrays.Fill(this.dataQueue, 0);
             this.bitsInQueue = 0;
             this.squeezing = false;
             this.fixedOutputLength = (1600 - rate) / 2;
         }
-        private void KeccakPermutation(long[] s)
+
+        private void KeccakPermutation()
         {
             long[] A = state;
 
-            long a00 = A[0], a01 = A[1], a02 = A[2], a03 = A[3], a04 = A[4];
-            long a05 = A[5], a06 = A[6], a07 = A[7], a08 = A[8], a09 = A[9];
+            long a00 = A[ 0], a01 = A[ 1], a02 = A[ 2], a03 = A[ 3], a04 = A[ 4];
+            long a05 = A[ 5], a06 = A[ 6], a07 = A[ 7], a08 = A[ 8], a09 = A[ 9];
             long a10 = A[10], a11 = A[11], a12 = A[12], a13 = A[13], a14 = A[14];
             long a15 = A[15], a16 = A[16], a17 = A[17], a18 = A[18], a19 = A[19];
             long a20 = A[20], a21 = A[21], a22 = A[22], a23 = A[23], a24 = A[24];
@@ -83,63 +85,43 @@ namespace Org.BouncyCastle.Pqc.Crypto.Hqc
                 long c3 = a03 ^ a08 ^ a13 ^ a18 ^ a23;
                 long c4 = a04 ^ a09 ^ a14 ^ a19 ^ a24;
 
-                long d1 = (c1 << 1 | Utils.UnsignedRightBitShiftLong(c1, -1)) ^ c4;
-                long d2 = (c2 << 1 | Utils.UnsignedRightBitShiftLong(c2, -1)) ^ c0;
-                long d3 = (c3 << 1 | Utils.UnsignedRightBitShiftLong(c3, -1)) ^ c1;
-                long d4 = (c4 << 1 | Utils.UnsignedRightBitShiftLong(c4, -1)) ^ c2;
-                long d0 = (c0 << 1 | Utils.UnsignedRightBitShiftLong(c0, -1)) ^ c3;
-
-                a00 ^= d1;
-                a05 ^= d1;
-                a10 ^= d1;
-                a15 ^= d1;
-                a20 ^= d1;
-                a01 ^= d2;
-                a06 ^= d2;
-                a11 ^= d2;
-                a16 ^= d2;
-                a21 ^= d2;
-                a02 ^= d3;
-                a07 ^= d3;
-                a12 ^= d3;
-                a17 ^= d3;
-                a22 ^= d3;
-                a03 ^= d4;
-                a08 ^= d4;
-                a13 ^= d4;
-                a18 ^= d4;
-                a23 ^= d4;
-                a04 ^= d0;
-                a09 ^= d0;
-                a14 ^= d0;
-                a19 ^= d0;
-                a24 ^= d0;
+                long d1 = Longs.RotateLeft(c1, 1) ^ c4;
+                long d2 = Longs.RotateLeft(c2, 1) ^ c0;
+                long d3 = Longs.RotateLeft(c3, 1) ^ c1;
+                long d4 = Longs.RotateLeft(c4, 1) ^ c2;
+                long d0 = Longs.RotateLeft(c0, 1) ^ c3;
+
+                a00 ^= d1; a05 ^= d1; a10 ^= d1; a15 ^= d1; a20 ^= d1;
+                a01 ^= d2; a06 ^= d2; a11 ^= d2; a16 ^= d2; a21 ^= d2;
+                a02 ^= d3; a07 ^= d3; a12 ^= d3; a17 ^= d3; a22 ^= d3;
+                a03 ^= d4; a08 ^= d4; a13 ^= d4; a18 ^= d4; a23 ^= d4;
+                a04 ^= d0; a09 ^= d0; a14 ^= d0; a19 ^= d0; a24 ^= d0;
 
                 // rho/pi
-                c1 = a01 << 1 | Utils.UnsignedRightBitShiftLong(a01, 63);
-                a01 = a06 << 44 | Utils.UnsignedRightBitShiftLong(a06, 20);
-                a06 = a09 << 20 | Utils.UnsignedRightBitShiftLong(a09, 44);
-                a09 = a22 << 61 | Utils.UnsignedRightBitShiftLong(a22, 3);
-                a22 = a14 << 39 | Utils.UnsignedRightBitShiftLong(a14, 25);
-                a14 = a20 << 18 |  Utils.UnsignedRightBitShiftLong(a20, 46);
-                a20 = a02 << 62 | Utils.UnsignedRightBitShiftLong(a02, 2);
-                a02 = a12 << 43 |  Utils.UnsignedRightBitShiftLong(a12, 21);
-                a12 = a13 << 25 |  Utils.UnsignedRightBitShiftLong(a13, 39);
-                a13 = a19 << 8 |  Utils.UnsignedRightBitShiftLong(a19, 56);
-                a19 = a23 << 56 |  Utils.UnsignedRightBitShiftLong(a23, 8);
-                a23 = a15 << 41 |  Utils.UnsignedRightBitShiftLong(a15, 23);
-                a15 = a04 << 27 | Utils.UnsignedRightBitShiftLong(a04, 37);
-                a04 = a24 << 14 |  Utils.UnsignedRightBitShiftLong(a24, 50);
-                a24 = a21 << 2 |  Utils.UnsignedRightBitShiftLong(a21, 62);
-                a21 = a08 << 55 | Utils.UnsignedRightBitShiftLong(a08, 9);
-                a08 = a16 << 45 |  Utils.UnsignedRightBitShiftLong(a16, 19);
-                a16 = a05 << 36 | Utils.UnsignedRightBitShiftLong(a05, 28);
-                a05 = a03 << 28 | Utils.UnsignedRightBitShiftLong(a03, 36);
-                a03 = a18 << 21 | Utils.UnsignedRightBitShiftLong(a18, 43);
-                a18 = a17 << 15 | Utils.UnsignedRightBitShiftLong(a17, 49);
-                a17 = a11 << 10 |  Utils.UnsignedRightBitShiftLong(a11, 54);
-                a11 = a07 << 6 | Utils.UnsignedRightBitShiftLong(a07, 58);
-                a07 = a10 << 3 | Utils.UnsignedRightBitShiftLong(a10, 61);
+                c1  = Longs.RotateLeft(a01,  1);
+                a01 = Longs.RotateLeft(a06, 44);
+                a06 = Longs.RotateLeft(a09, 20);
+                a09 = Longs.RotateLeft(a22, 61);
+                a22 = Longs.RotateLeft(a14, 39);
+                a14 = Longs.RotateLeft(a20, 18);
+                a20 = Longs.RotateLeft(a02, 62);
+                a02 = Longs.RotateLeft(a12, 43);
+                a12 = Longs.RotateLeft(a13, 25);
+                a13 = Longs.RotateLeft(a19,  8);
+                a19 = Longs.RotateLeft(a23, 56);
+                a23 = Longs.RotateLeft(a15, 41);
+                a15 = Longs.RotateLeft(a04, 27);
+                a04 = Longs.RotateLeft(a24, 14);
+                a24 = Longs.RotateLeft(a21,  2);
+                a21 = Longs.RotateLeft(a08, 55);
+                a08 = Longs.RotateLeft(a16, 45);
+                a16 = Longs.RotateLeft(a05, 36);
+                a05 = Longs.RotateLeft(a03, 28);
+                a03 = Longs.RotateLeft(a18, 21);
+                a18 = Longs.RotateLeft(a17, 15);
+                a17 = Longs.RotateLeft(a11, 10);
+                a11 = Longs.RotateLeft(a07,  6);
+                a07 = Longs.RotateLeft(a10,  3);
                 a10 = c1;
 
                 // chi
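Review bot: After this refactor the HQC permutation is a line-for-line copy of the theta and rho/pi steps in `KeccakDigest.KeccakPermutation`, differing only in using signed `long` lanes instead of `ulong`, so the library now carries two implementations of Keccak-f[1600] that must be audited and patched together. Consider delegating to a shared static permutation over the lane array, or at minimum adding `// Keep in sync with KeccakDigest.KeccakPermutation` above the method so a future fix in one does not silently miss the other. The method body begins in the previous hunk and its chi/iota steps and the round loop fall outside this one. The HQC known-answer tests, if present in the suite, should be re-run to confirm the rewrite is bit-exact.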
@@ -233,7 +215,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Hqc
                 inputLen -= (int) (rateBytes - state[25]);
                 count += (int) (rateBytes - state[25]);
                 state[25] = 0;
-                KeccakPermutation(state);
+                KeccakPermutation();
             }
 
             for (int i = 0; i < inputLen; i++)
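Review bot: `state[25]` is used here as the absorb byte-position counter (subtracted from `rateBytes`, then reset to 0 before `KeccakPermutation()`), but nothing names that role, and the field is declared as `long[26]` elsewhere in the file although Keccak-f[1600] has only 25 lanes. A comment where the counter is reset, `// state[25] is not a Keccak lane: it tracks bytes absorbed into the current block`, or a dedicated field would make the invariant visible and keep a future change to the state array from silently clobbering the counter. The enclosing method starts and ends outside this hunk.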
@@ -271,7 +253,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Hqc
 
             while (outLen > 0)
             {
-                KeccakPermutation(state);
+                KeccakPermutation();
 
                 for (i = 0; i < outLen && i < rateBytes; i++)
                 {
diff --git a/crypto/src/pqc/crypto/hqc/Utils.cs b/crypto/src/pqc/crypto/hqc/Utils.cs
index bbd72b05b..4d44db07c 100644
--- a/crypto/src/pqc/crypto/hqc/Utils.cs
+++ b/crypto/src/pqc/crypto/hqc/Utils.cs
@@ -144,13 +144,6 @@ namespace Org.BouncyCastle.Pqc.Crypto.Hqc
             return a & 0xffff;
         }
 
-        internal static long UnsignedRightBitShiftLong(long a, int b)
-        {
-            ulong tmp = (ulong)a;
-            tmp >>= b;
-            return (long)tmp;
-        }
-
         internal static void XorULongToByte16Array(ushort[] output, int outOff, ulong input)
         {
             output[outOff + 0] ^= (ushort)input;