Xoodyak perf. opts.

peterdettman · peterdettman · commit 8a50bb77cdb5 · 2024-08-12T14:39:10.000+07:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/XoodyakDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/XoodyakDigest.java
@@ -6,6 +6,7 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.Pack;
 
 /**
@@ -26,9 +27,9 @@ public class XoodyakDigest
     private final int Rhash = 16;
     private final int PhaseDown = 1;
     private final int PhaseUp = 2;
-    private final int NLANES = 12;
-    private final int NROWS = 3;
-    private final int NCOLUMS = 4;
+//    private final int NLANES = 12;
+//    private final int NROWS = 3;
+//    private final int NCOLUMS = 4;
     private final int MAXROUNDS = 12;
     private final int TAGLEN = 16;
     private final int[] RC = {0x00000058, 0x00000038, 0x000003C0, 0x000000D0, 0x00000120, 0x00000014, 0x00000060,
@@ -123,58 +124,109 @@ private void Up(byte[] Yi, int YiOff, int YiLen, int Cu)
         {
             state[f_bPrime - 1] ^= Cu;
         }
-        int[] a = new int[NLANES];
-        Pack.littleEndianToInt(state, 0, a, 0, a.length);
-        int x, y;
-        int[] b = new int[NLANES];
-        int[] p = new int[NCOLUMS];
-        int[] e = new int[NCOLUMS];
+
+        int a0 = Pack.littleEndianToInt(state, 0);
+        int a1 = Pack.littleEndianToInt(state, 4);
+        int a2 = Pack.littleEndianToInt(state, 8);
+        int a3 = Pack.littleEndianToInt(state, 12);
+        int a4 = Pack.littleEndianToInt(state, 16);
+        int a5 = Pack.littleEndianToInt(state, 20);
+        int a6 = Pack.littleEndianToInt(state, 24);
+        int a7 = Pack.littleEndianToInt(state, 28);
+        int a8 = Pack.littleEndianToInt(state, 32);
+        int a9 = Pack.littleEndianToInt(state, 36);
+        int a10 = Pack.littleEndianToInt(state, 40);
+        int a11 = Pack.littleEndianToInt(state, 44);
+
         for (int i = 0; i < MAXROUNDS; ++i)
         {
             /* Theta: Column Parity Mixer */
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                p[x] = a[index(x, 0)] ^ a[index(x, 1)] ^ a[index(x, 2)];
-            }
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                y = p[(x + 3) & 3];
-                e[x] = ROTL32(y, 5) ^ ROTL32(y, 14);
-            }
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                for (y = 0; y < NROWS; ++y)
-                {
-                    a[index(x, y)] ^= e[x];
-                }
-            }
+            int p0 = a0 ^ a4 ^ a8;
+            int p1 = a1 ^ a5 ^ a9;
+            int p2 = a2 ^ a6 ^ a10;
+            int p3 = a3 ^ a7 ^ a11;
+
+            int e0 = Integers.rotateLeft(p3, 5) ^ Integers.rotateLeft(p3, 14);
+            int e1 = Integers.rotateLeft(p0, 5) ^ Integers.rotateLeft(p0, 14);
+            int e2 = Integers.rotateLeft(p1, 5) ^ Integers.rotateLeft(p1, 14);
+            int e3 = Integers.rotateLeft(p2, 5) ^ Integers.rotateLeft(p2, 14);
+
+            a0 ^= e0;
+            a4 ^= e0;
+            a8 ^= e0;
+
+            a1 ^= e1;
+            a5 ^= e1;
+            a9 ^= e1;
+
+            a2 ^= e2;
+            a6 ^= e2;
+            a10 ^= e2;
+
+            a3 ^= e3;
+            a7 ^= e3;
+            a11 ^= e3;
+            
             /* Rho-west: plane shift */
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                b[index(x, 0)] = a[index(x, 0)];
-                b[index(x, 1)] = a[index(x + 3, 1)];
-                b[index(x, 2)] = ROTL32(a[index(x, 2)], 11);
-            }
+            int b0 = a0;
+            int b1 = a1;
+            int b2 = a2;
+            int b3 = a3;
+
+            int b4 = a7;
+            int b5 = a4;
+            int b6 = a5;
+            int b7 = a6;
+
+            int b8 = Integers.rotateLeft(a8, 11);
+            int b9 = Integers.rotateLeft(a9, 11);
+            int b10 = Integers.rotateLeft(a10, 11);
+            int b11 = Integers.rotateLeft(a11, 11);
+
             /* Iota: round ant */
-            b[0] ^= RC[i];
+            b0 ^= RC[i];
+            
             /* Chi: non linear layer */
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                for (y = 0; y < NROWS; ++y)
-                {
-                    a[index(x, y)] = b[index(x, y)] ^ (~b[index(x, y + 1)] & b[index(x, y + 2)]);
-                }
-            }
+            a0 = b0 ^ (~b4 & b8);
+            a1 = b1 ^ (~b5 & b9);
+            a2 = b2 ^ (~b6 & b10);
+            a3 = b3 ^ (~b7 & b11);
+
+            a4 = b4 ^ (~b8 & b0);
+            a5 = b5 ^ (~b9 & b1);
+            a6 = b6 ^ (~b10 & b2);
+            a7 = b7 ^ (~b11 & b3);
+
+            b8 ^= (~b0 & b4);
+            b9 ^= (~b1 & b5);
+            b10 ^= (~b2 & b6);
+            b11 ^= (~b3 & b7);
+            
             /* Rho-east: plane shift */
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                b[index(x, 0)] = a[index(x, 0)];
-                b[index(x, 1)] = ROTL32(a[index(x, 1)], 1);
-                b[index(x, 2)] = ROTL32(a[index(x + 2, 2)], 8);
-            }
-            System.arraycopy(b, 0, a, 0, NLANES);
+            a4 = Integers.rotateLeft(a4, 1);
+            a5 = Integers.rotateLeft(a5, 1);
+            a6 = Integers.rotateLeft(a6, 1);
+            a7 = Integers.rotateLeft(a7, 1);
+
+            a8 = Integers.rotateLeft(b10, 8);
+            a9 = Integers.rotateLeft(b11, 8);
+            a10 = Integers.rotateLeft(b8, 8);
+            a11 = Integers.rotateLeft(b9, 8);
         }
-        Pack.intToLittleEndian(a, 0, a.length, state, 0);
+
+        Pack.intToLittleEndian(a0, state, 0);
+        Pack.intToLittleEndian(a1, state, 4);
+        Pack.intToLittleEndian(a2, state, 8);
+        Pack.intToLittleEndian(a3, state, 12);
+        Pack.intToLittleEndian(a4, state, 16);
+        Pack.intToLittleEndian(a5, state, 20);
+        Pack.intToLittleEndian(a6, state, 24);
+        Pack.intToLittleEndian(a7, state, 28);
+        Pack.intToLittleEndian(a8, state, 32);
+        Pack.intToLittleEndian(a9, state, 36);
+        Pack.intToLittleEndian(a10, state, 40);
+        Pack.intToLittleEndian(a11, state, 44);
+
         phase = PhaseUp;
         if (Yi != null)
         {
@@ -192,15 +244,4 @@ void Down(byte[] Xi, int XiOff, int XiLen, int Cd)
         state[f_bPrime - 1] ^= (mode == MODE.ModeHash) ? (Cd & 0x01) : Cd;
         phase = PhaseDown;
     }
-
-    private int index(int x, int y)
-    {
-        return (((y % NROWS) * NCOLUMS) + ((x) % NCOLUMS));
-    }
-
-    private int ROTL32(int a, int offset)
-    {
-        return (a << (offset & 31)) ^ (a >>> ((32 - (offset)) & 31));
-    }
-
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/XoodyakEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/XoodyakEngine.java
@@ -12,6 +12,7 @@
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.Pack;
 
 /**
@@ -35,9 +36,9 @@ public class XoodyakEngine
     private byte[] iv;
     private final int PhaseDown = 1;
     private final int PhaseUp = 2;
-    private final int NLANES = 12;
-    private final int NROWS = 3;
-    private final int NCOLUMS = 4;
+//    private final int NLANES = 12;
+//    private final int NROWS = 3;
+//    private final int NCOLUMS = 4;
     private final int MAXROUNDS = 12;
     private final int TAGLEN = 16;
     final int Rkin = 44;
@@ -328,58 +329,109 @@ private void Up(byte[] Yi, int YiLen, int Cu)
         {
             state[f_bPrime - 1] ^= Cu;
         }
-        int[] a = new int[NLANES];
-        Pack.littleEndianToInt(state, 0, a, 0, a.length);
-        int x, y;
-        int[] b = new int[NLANES];
-        int[] p = new int[NCOLUMS];
-        int[] e = new int[NCOLUMS];
+
+        int a0 = Pack.littleEndianToInt(state, 0);
+        int a1 = Pack.littleEndianToInt(state, 4);
+        int a2 = Pack.littleEndianToInt(state, 8);
+        int a3 = Pack.littleEndianToInt(state, 12);
+        int a4 = Pack.littleEndianToInt(state, 16);
+        int a5 = Pack.littleEndianToInt(state, 20);
+        int a6 = Pack.littleEndianToInt(state, 24);
+        int a7 = Pack.littleEndianToInt(state, 28);
+        int a8 = Pack.littleEndianToInt(state, 32);
+        int a9 = Pack.littleEndianToInt(state, 36);
+        int a10 = Pack.littleEndianToInt(state, 40);
+        int a11 = Pack.littleEndianToInt(state, 44);
+
         for (int i = 0; i < MAXROUNDS; ++i)
         {
             /* Theta: Column Parity Mixer */
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                p[x] = a[index(x, 0)] ^ a[index(x, 1)] ^ a[index(x, 2)];
-            }
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                y = p[(x + 3) & 3];
-                e[x] = ROTL32(y, 5) ^ ROTL32(y, 14);
-            }
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                for (y = 0; y < NROWS; ++y)
-                {
-                    a[index(x, y)] ^= e[x];
-                }
-            }
+            int p0 = a0 ^ a4 ^ a8;
+            int p1 = a1 ^ a5 ^ a9;
+            int p2 = a2 ^ a6 ^ a10;
+            int p3 = a3 ^ a7 ^ a11;
+
+            int e0 = Integers.rotateLeft(p3, 5) ^ Integers.rotateLeft(p3, 14);
+            int e1 = Integers.rotateLeft(p0, 5) ^ Integers.rotateLeft(p0, 14);
+            int e2 = Integers.rotateLeft(p1, 5) ^ Integers.rotateLeft(p1, 14);
+            int e3 = Integers.rotateLeft(p2, 5) ^ Integers.rotateLeft(p2, 14);
+
+            a0 ^= e0;
+            a4 ^= e0;
+            a8 ^= e0;
+
+            a1 ^= e1;
+            a5 ^= e1;
+            a9 ^= e1;
+
+            a2 ^= e2;
+            a6 ^= e2;
+            a10 ^= e2;
+
+            a3 ^= e3;
+            a7 ^= e3;
+            a11 ^= e3;
+            
             /* Rho-west: plane shift */
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                b[index(x, 0)] = a[index(x, 0)];
-                b[index(x, 1)] = a[index(x + 3, 1)];
-                b[index(x, 2)] = ROTL32(a[index(x, 2)], 11);
-            }
+            int b0 = a0;
+            int b1 = a1;
+            int b2 = a2;
+            int b3 = a3;
+
+            int b4 = a7;
+            int b5 = a4;
+            int b6 = a5;
+            int b7 = a6;
+
+            int b8 = Integers.rotateLeft(a8, 11);
+            int b9 = Integers.rotateLeft(a9, 11);
+            int b10 = Integers.rotateLeft(a10, 11);
+            int b11 = Integers.rotateLeft(a11, 11);
+
             /* Iota: round ant */
-            b[0] ^= RC[i];
+            b0 ^= RC[i];
+            
             /* Chi: non linear layer */
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                for (y = 0; y < NROWS; ++y)
-                {
-                    a[index(x, y)] = b[index(x, y)] ^ (~b[index(x, y + 1)] & b[index(x, y + 2)]);
-                }
-            }
+            a0 = b0 ^ (~b4 & b8);
+            a1 = b1 ^ (~b5 & b9);
+            a2 = b2 ^ (~b6 & b10);
+            a3 = b3 ^ (~b7 & b11);
+
+            a4 = b4 ^ (~b8 & b0);
+            a5 = b5 ^ (~b9 & b1);
+            a6 = b6 ^ (~b10 & b2);
+            a7 = b7 ^ (~b11 & b3);
+
+            b8 ^= (~b0 & b4);
+            b9 ^= (~b1 & b5);
+            b10 ^= (~b2 & b6);
+            b11 ^= (~b3 & b7);
+            
             /* Rho-east: plane shift */
-            for (x = 0; x < NCOLUMS; ++x)
-            {
-                b[index(x, 0)] = a[index(x, 0)];
-                b[index(x, 1)] = ROTL32(a[index(x, 1)], 1);
-                b[index(x, 2)] = ROTL32(a[index(x + 2, 2)], 8);
-            }
-            System.arraycopy(b, 0, a, 0, NLANES);
+            a4 = Integers.rotateLeft(a4, 1);
+            a5 = Integers.rotateLeft(a5, 1);
+            a6 = Integers.rotateLeft(a6, 1);
+            a7 = Integers.rotateLeft(a7, 1);
+
+            a8 = Integers.rotateLeft(b10, 8);
+            a9 = Integers.rotateLeft(b11, 8);
+            a10 = Integers.rotateLeft(b8, 8);
+            a11 = Integers.rotateLeft(b9, 8);
         }
-        Pack.intToLittleEndian(a, 0, a.length, state, 0);
+
+        Pack.intToLittleEndian(a0, state, 0);
+        Pack.intToLittleEndian(a1, state, 4);
+        Pack.intToLittleEndian(a2, state, 8);
+        Pack.intToLittleEndian(a3, state, 12);
+        Pack.intToLittleEndian(a4, state, 16);
+        Pack.intToLittleEndian(a5, state, 20);
+        Pack.intToLittleEndian(a6, state, 24);
+        Pack.intToLittleEndian(a7, state, 28);
+        Pack.intToLittleEndian(a8, state, 32);
+        Pack.intToLittleEndian(a9, state, 36);
+        Pack.intToLittleEndian(a10, state, 40);
+        Pack.intToLittleEndian(a11, state, 44);
+
         phase = PhaseUp;
         if (Yi != null)
         {
@@ -398,16 +450,6 @@ void Down(byte[] Xi, int XiOff, int XiLen, int Cd)
         phase = PhaseDown;
     }
 
-    private int index(int x, int y)
-    {
-        return (((y % NROWS) * NCOLUMS) + ((x) % NCOLUMS));
-    }
-
-    private int ROTL32(int a, int offset)
-    {
-        return (a << (offset & 31)) ^ (a >>> ((32 - (offset)) & 31));
-    }
-
     public int getBlockSize()
     {
         return Rkout;
