arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-24 16:38:15 +00:00
Code Issues Releases Wiki Activity

refactor(crypto): use functions instead of macros in groestl512

Browse Source
This commit is contained in:
Ondřej Vejpustek 2024-08-09 16:44:29 +02:00
parent cb9c56e83f
commit 32356b8123
2 changed files with 67 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

208
crypto/groestl.c
View File

@ -339,153 +339,73 @@ static const sph_u32 T1dn[] = {
} while (0) } while (0)
#define RBTT(d0, d1, a, b0, b1, b2, b3, b4, b5, b6, b7) do { \
sph_u32 fu2 = T0up[B32_2(a[b2])]; \
sph_u32 fd2 = T0dn[B32_2(a[b2])]; \
sph_u32 fu3 = T1up[B32_3(a[b3])]; \
sph_u32 fd3 = T1dn[B32_3(a[b3])]; \
sph_u32 fu6 = T0up[B32_2(a[b6])]; \
sph_u32 fd6 = T0dn[B32_2(a[b6])]; \
sph_u32 fu7 = T1up[B32_3(a[b7])]; \
sph_u32 fd7 = T1dn[B32_3(a[b7])]; \
t[d0] = T0up[B32_0(a[b0])] \
^ T1up[B32_1(a[b1])] \
^ R32u(fu2, fd2) \
^ R32u(fu3, fd3) \
^ T0dn[B32_0(a[b4])] \
^ T1dn[B32_1(a[b5])] \
^ R32d(fu6, fd6) \
^ R32d(fu7, fd7); \
t[d1] = T0dn[B32_0(a[b0])] \
^ T1dn[B32_1(a[b1])] \
^ R32d(fu2, fd2) \
^ R32d(fu3, fd3) \
^ T0up[B32_0(a[b4])] \
^ T1up[B32_1(a[b5])] \
^ R32u(fu6, fd6) \
^ R32u(fu7, fd7); \
} while (0)
static void RBTT(size_t d0, size_t d1, sph_u32 *a, size_t b0, size_t b1,
size_t b2, size_t b3, size_t b4, size_t b5, size_t b6,
size_t b7, sph_u32 *t) {
sph_u32 fu2 = T0up[B32_2(a[b2])];
sph_u32 fd2 = T0dn[B32_2(a[b2])];
sph_u32 fu3 = T1up[B32_3(a[b3])];
sph_u32 fd3 = T1dn[B32_3(a[b3])];
sph_u32 fu6 = T0up[B32_2(a[b6])];
sph_u32 fd6 = T0dn[B32_2(a[b6])];
sph_u32 fu7 = T1up[B32_3(a[b7])];
sph_u32 fd7 = T1dn[B32_3(a[b7])];
t[d0] = T0up[B32_0(a[b0])] ^ T1up[B32_1(a[b1])] ^ R32u(fu2, fd2) ^
R32u(fu3, fd3) ^ T0dn[B32_0(a[b4])] ^ T1dn[B32_1(a[b5])] ^
R32d(fu6, fd6) ^ R32d(fu7, fd7);
t[d1] = T0dn[B32_0(a[b0])] ^ T1dn[B32_1(a[b1])] ^ R32d(fu2, fd2) ^
R32d(fu3, fd3) ^ T0up[B32_0(a[b4])] ^ T1up[B32_1(a[b5])] ^
R32u(fu6, fd6) ^ R32u(fu7, fd7);
}
#define ROUND_BIG_P(a, r) do { \ static void ROUND_BIG_P(sph_u32 *a, int r) {
sph_u32 t[32]; \ sph_u32 t[32] = {0};
size_t u; \ for (size_t i = 0; i < 16; i++) {
a[0x00] ^= PC32up(0x00, r); \ int j = i << 4;
a[0x01] ^= PC32dn(0x00, r); \ a[2 * i] ^= PC32up(j, r);
a[0x02] ^= PC32up(0x10, r); \ a[2 * i + 1] ^= PC32dn(j, r);
a[0x03] ^= PC32dn(0x10, r); \ }
a[0x04] ^= PC32up(0x20, r); \ for (size_t u = 0; u < 32; u += 8) {
a[0x05] ^= PC32dn(0x20, r); \ RBTT(u + 0x00, (u + 0x01) & 0x1F, a, u + 0x00, (u + 0x02) & 0x1F,
a[0x06] ^= PC32up(0x30, r); \ (u + 0x04) & 0x1F, (u + 0x06) & 0x1F, (u + 0x09) & 0x1F,
a[0x07] ^= PC32dn(0x30, r); \ (u + 0x0B) & 0x1F, (u + 0x0D) & 0x1F, (u + 0x17) & 0x1F, t);
a[0x08] ^= PC32up(0x40, r); \ RBTT(u + 0x02, (u + 0x03) & 0x1F, a, u + 0x02, (u + 0x04) & 0x1F,
a[0x09] ^= PC32dn(0x40, r); \ (u + 0x06) & 0x1F, (u + 0x08) & 0x1F, (u + 0x0B) & 0x1F,
a[0x0A] ^= PC32up(0x50, r); \ (u + 0x0D) & 0x1F, (u + 0x0F) & 0x1F, (u + 0x19) & 0x1F, t);
a[0x0B] ^= PC32dn(0x50, r); \ RBTT(u + 0x04, (u + 0x05) & 0x1F, a, u + 0x04, (u + 0x06) & 0x1F,
a[0x0C] ^= PC32up(0x60, r); \ (u + 0x08) & 0x1F, (u + 0x0A) & 0x1F, (u + 0x0D) & 0x1F,
a[0x0D] ^= PC32dn(0x60, r); \ (u + 0x0F) & 0x1F, (u + 0x11) & 0x1F, (u + 0x1B) & 0x1F, t);
a[0x0E] ^= PC32up(0x70, r); \ RBTT(u + 0x06, (u + 0x07) & 0x1F, a, u + 0x06, (u + 0x08) & 0x1F,
a[0x0F] ^= PC32dn(0x70, r); \ (u + 0x0A) & 0x1F, (u + 0x0C) & 0x1F, (u + 0x0F) & 0x1F,
a[0x10] ^= PC32up(0x80, r); \ (u + 0x11) & 0x1F, (u + 0x13) & 0x1F, (u + 0x1D) & 0x1F, t);
a[0x11] ^= PC32dn(0x80, r); \ }
a[0x12] ^= PC32up(0x90, r); \ memcpy(a, t, sizeof(t));
a[0x13] ^= PC32dn(0x90, r); \ }
a[0x14] ^= PC32up(0xA0, r); \
a[0x15] ^= PC32dn(0xA0, r); \
a[0x16] ^= PC32up(0xB0, r); \
a[0x17] ^= PC32dn(0xB0, r); \
a[0x18] ^= PC32up(0xC0, r); \
a[0x19] ^= PC32dn(0xC0, r); \
a[0x1A] ^= PC32up(0xD0, r); \
a[0x1B] ^= PC32dn(0xD0, r); \
a[0x1C] ^= PC32up(0xE0, r); \
a[0x1D] ^= PC32dn(0xE0, r); \
a[0x1E] ^= PC32up(0xF0, r); \
a[0x1F] ^= PC32dn(0xF0, r); \
for (u = 0; u < 32; u += 8) { \
RBTT(u + 0x00, (u + 0x01) & 0x1F, a, \
u + 0x00, (u + 0x02) & 0x1F, \
(u + 0x04) & 0x1F, (u + 0x06) & 0x1F, \
(u + 0x09) & 0x1F, (u + 0x0B) & 0x1F, \
(u + 0x0D) & 0x1F, (u + 0x17) & 0x1F); \
RBTT(u + 0x02, (u + 0x03) & 0x1F, a, \
u + 0x02, (u + 0x04) & 0x1F, \
(u + 0x06) & 0x1F, (u + 0x08) & 0x1F, \
(u + 0x0B) & 0x1F, (u + 0x0D) & 0x1F, \
(u + 0x0F) & 0x1F, (u + 0x19) & 0x1F); \
RBTT(u + 0x04, (u + 0x05) & 0x1F, a, \
u + 0x04, (u + 0x06) & 0x1F, \
(u + 0x08) & 0x1F, (u + 0x0A) & 0x1F, \
(u + 0x0D) & 0x1F, (u + 0x0F) & 0x1F, \
(u + 0x11) & 0x1F, (u + 0x1B) & 0x1F); \
RBTT(u + 0x06, (u + 0x07) & 0x1F, a, \
u + 0x06, (u + 0x08) & 0x1F, \
(u + 0x0A) & 0x1F, (u + 0x0C) & 0x1F, \
(u + 0x0F) & 0x1F, (u + 0x11) & 0x1F, \
(u + 0x13) & 0x1F, (u + 0x1D) & 0x1F); \
} \
memcpy(a, t, sizeof t); \
} while (0)
#define ROUND_BIG_Q(a, r) do { \ static void ROUND_BIG_Q(sph_u32 *a, int r) {
sph_u32 t[32]; \ sph_u32 t[32] = {0};
size_t u; \ for (size_t i = 0; i < 16; i++) {
a[0x00] ^= QC32up(0x00, r); \ int j = i << 4;
a[0x01] ^= QC32dn(0x00, r); \ a[2 * i] ^= QC32up(j, r);
a[0x02] ^= QC32up(0x10, r); \ a[2 * i + 1] ^= QC32dn(j, r);
a[0x03] ^= QC32dn(0x10, r); \ }
a[0x04] ^= QC32up(0x20, r); \ for (size_t u = 0; u < 32; u += 8) {
a[0x05] ^= QC32dn(0x20, r); \ RBTT(u + 0x00, (u + 0x01) & 0x1F, a, (u + 0x02) & 0x1F, (u + 0x06) & 0x1F,
a[0x06] ^= QC32up(0x30, r); \ (u + 0x0A) & 0x1F, (u + 0x16) & 0x1F, (u + 0x01) & 0x1F,
a[0x07] ^= QC32dn(0x30, r); \ (u + 0x05) & 0x1F, (u + 0x09) & 0x1F, (u + 0x0D) & 0x1F, t);
a[0x08] ^= QC32up(0x40, r); \ RBTT(u + 0x02, (u + 0x03) & 0x1F, a, (u + 0x04) & 0x1F, (u + 0x08) & 0x1F,
a[0x09] ^= QC32dn(0x40, r); \ (u + 0x0C) & 0x1F, (u + 0x18) & 0x1F, (u + 0x03) & 0x1F,
a[0x0A] ^= QC32up(0x50, r); \ (u + 0x07) & 0x1F, (u + 0x0B) & 0x1F, (u + 0x0F) & 0x1F, t);
a[0x0B] ^= QC32dn(0x50, r); \ RBTT(u + 0x04, (u + 0x05) & 0x1F, a, (u + 0x06) & 0x1F, (u + 0x0A) & 0x1F,
a[0x0C] ^= QC32up(0x60, r); \ (u + 0x0E) & 0x1F, (u + 0x1A) & 0x1F, (u + 0x05) & 0x1F,
a[0x0D] ^= QC32dn(0x60, r); \ (u + 0x09) & 0x1F, (u + 0x0D) & 0x1F, (u + 0x11) & 0x1F, t);
a[0x0E] ^= QC32up(0x70, r); \ RBTT(u + 0x06, (u + 0x07) & 0x1F, a, (u + 0x08) & 0x1F, (u + 0x0C) & 0x1F,
a[0x0F] ^= QC32dn(0x70, r); \ (u + 0x10) & 0x1F, (u + 0x1C) & 0x1F, (u + 0x07) & 0x1F,
a[0x10] ^= QC32up(0x80, r); \ (u + 0x0B) & 0x1F, (u + 0x0F) & 0x1F, (u + 0x13) & 0x1F, t);
a[0x11] ^= QC32dn(0x80, r); \ }
a[0x12] ^= QC32up(0x90, r); \ memcpy(a, t, sizeof(t));
a[0x13] ^= QC32dn(0x90, r); \ }
a[0x14] ^= QC32up(0xA0, r); \
a[0x15] ^= QC32dn(0xA0, r); \
a[0x16] ^= QC32up(0xB0, r); \
a[0x17] ^= QC32dn(0xB0, r); \
a[0x18] ^= QC32up(0xC0, r); \
a[0x19] ^= QC32dn(0xC0, r); \
a[0x1A] ^= QC32up(0xD0, r); \
a[0x1B] ^= QC32dn(0xD0, r); \
a[0x1C] ^= QC32up(0xE0, r); \
a[0x1D] ^= QC32dn(0xE0, r); \
a[0x1E] ^= QC32up(0xF0, r); \
a[0x1F] ^= QC32dn(0xF0, r); \
for (u = 0; u < 32; u += 8) { \
RBTT(u + 0x00, (u + 0x01) & 0x1F, a, \
(u + 0x02) & 0x1F, (u + 0x06) & 0x1F, \
(u + 0x0A) & 0x1F, (u + 0x16) & 0x1F, \
(u + 0x01) & 0x1F, (u + 0x05) & 0x1F, \
(u + 0x09) & 0x1F, (u + 0x0D) & 0x1F); \
RBTT(u + 0x02, (u + 0x03) & 0x1F, a, \
(u + 0x04) & 0x1F, (u + 0x08) & 0x1F, \
(u + 0x0C) & 0x1F, (u + 0x18) & 0x1F, \
(u + 0x03) & 0x1F, (u + 0x07) & 0x1F, \
(u + 0x0B) & 0x1F, (u + 0x0F) & 0x1F); \
RBTT(u + 0x04, (u + 0x05) & 0x1F, a, \
(u + 0x06) & 0x1F, (u + 0x0A) & 0x1F, \
(u + 0x0E) & 0x1F, (u + 0x1A) & 0x1F, \
(u + 0x05) & 0x1F, (u + 0x09) & 0x1F, \
(u + 0x0D) & 0x1F, (u + 0x11) & 0x1F); \
RBTT(u + 0x06, (u + 0x07) & 0x1F, a, \
(u + 0x08) & 0x1F, (u + 0x0C) & 0x1F, \
(u + 0x10) & 0x1F, (u + 0x1C) & 0x1F, \
(u + 0x07) & 0x1F, (u + 0x0B) & 0x1F, \
(u + 0x0F) & 0x1F, (u + 0x13) & 0x1F); \
} \
memcpy(a, t, sizeof t); \
} while (0)
#define PERM_BIG_P(a) do { \ #define PERM_BIG_P(a) do { \

6
crypto/groestl.h
View File

@ -2,7 +2,7 @@
* Trezor adaptation by Yura Pakhuchiy <pakhuchiy@gmail.com>. */ * Trezor adaptation by Yura Pakhuchiy <pakhuchiy@gmail.com>. */
/** /**
* Groestl interface. This code implements Groestl with the recommended * Groestl interface. This code implements Groestl with the recommended
* parameters for SHA-3, with outputs of 224, 256, 384 and 512 bits. * parameters for SHA-3, with output of 512 bits.
* *
* ==========================(LICENSE BEGIN)============================ * ==========================(LICENSE BEGIN)============================
* *
@ -29,7 +29,7 @@
* *
* ===========================(LICENSE END)============================= * ===========================(LICENSE END)=============================
* *
* @file sph_groestl.h * @file groestl.h
* @author Thomas Pornin <thomas.pornin@cryptolog.com> * @author Thomas Pornin <thomas.pornin@cryptolog.com>
*/ */
@ -39,7 +39,7 @@
#include <stddef.h> #include <stddef.h>
/** /**
* This structure is a context for Groestl-384 and Groestl-512 computations: * This structure is a context for Groestl-512 computation:
* it contains the intermediate values and some data from the last * it contains the intermediate values and some data from the last
* entered block. Once a Groestl computation has been performed, the * entered block. Once a Groestl computation has been performed, the
* context can be reused for another computation. * context can be reused for another computation.