arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-21 23:18:13 +00:00
Code Issues Releases Wiki Activity

refactor(crypto): use functions instead of macros in blake2b and blake2s

Browse Source
This commit is contained in:
Ondřej Vejpustek 2024-08-16 14:33:17 +02:00
parent 32356b8123
commit c5984af1b5
2 changed files with 95 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
crypto/blake2b.c
View File

@ -18,6 +18,7 @@
#include "blake2b.h" #include "blake2b.h"
#include "blake2_common.h" #include "blake2_common.h"
#include "memzero.h" #include "memzero.h"
#include "options.h"
typedef struct blake2b_param__ typedef struct blake2b_param__
{ {
@ -186,28 +187,37 @@ int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t ke
return 0; return 0;
} }
#define G(r,i,a,b,c,d) \ #define G(m,r,i,a,b,c,d) \
do { \ do { \
a = a + b + m[blake2b_sigma[r][2*i+0]]; \ *(a) = *(a) + *(b) + m[blake2b_sigma[r][2 * i + 0]]; \
d = rotr64(d ^ a, 32); \ *(d) = rotr64(*(d) ^ *(a), 32); \
c = c + d; \ *(c) = *(c) + *(d); \
b = rotr64(b ^ c, 24); \ *(b) = rotr64(*(b) ^ *(c), 24); \
a = a + b + m[blake2b_sigma[r][2*i+1]]; \ *(a) = *(a) + *(b) + m[blake2b_sigma[r][2 * i + 1]]; \
d = rotr64(d ^ a, 16); \ *(d) = rotr64(*(d) ^ *(a), 16); \
c = c + d; \ *(c) = *(c) + *(d); \
b = rotr64(b ^ c, 63); \ *(b) = rotr64(*(b) ^ *(c), 63); \
} while(0) } while(0)
#define ROUND(r) \ #if OPTIMIZE_SIZE_BLAKE2B
do { \ static void g(uint64_t *m, int r, int i, uint64_t *a, uint64_t *b, uint64_t *c,
G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ uint64_t *d) {
G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ G(m,r,i,a,b,c,d);
G(r,2,v[ 2],v[ 6],v[10],v[14]); \ }
G(r,3,v[ 3],v[ 7],v[11],v[15]); \ #else
G(r,4,v[ 0],v[ 5],v[10],v[15]); \ #define g(m,r,i,a,b,c,d) G(m,r,i,a,b,c,d)
G(r,5,v[ 1],v[ 6],v[11],v[12]); \ #endif
G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ #define ROUND(m,v,r) \
do { \
g(m,r,0,v + 0,v + 4,v + 8,v + 12); \
g(m,r,1,v + 1,v + 5,v + 9,v + 13); \
g(m,r,2,v + 2,v + 6,v + 10,v + 14); \
g(m,r,3,v + 3,v + 7,v + 11,v + 15); \
g(m,r,4,v + 0,v + 5,v + 10,v + 15); \
g(m,r,5,v + 1,v + 6,v + 11,v + 12); \
g(m,r,6,v + 2,v + 7,v + 8,v + 13); \
g(m,r,7,v + 3,v + 4,v + 9,v + 14); \
} while(0) } while(0)
static void blake2b_compress( blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES] ) static void blake2b_compress( blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES] )
@ -233,18 +243,25 @@ static void blake2b_compress( blake2b_state *S, const uint8_t block[BLAKE2B_BLOC
v[14] = blake2b_IV[6] ^ S->f[0]; v[14] = blake2b_IV[6] ^ S->f[0];
v[15] = blake2b_IV[7] ^ S->f[1]; v[15] = blake2b_IV[7] ^ S->f[1];
ROUND( 0 );
ROUND( 1 ); #if OPTIMIZE_SIZE_BLAKE2B
ROUND( 2 ); for (int r = 0; r < 12; r++) {
ROUND( 3 ); ROUND(m, v, r);
ROUND( 4 ); }
ROUND( 5 ); #else
ROUND( 6 ); ROUND( m, v, 0 );
ROUND( 7 ); ROUND( m, v, 1 );
ROUND( 8 ); ROUND( m, v, 2 );
ROUND( 9 ); ROUND( m, v, 3 );
ROUND( 10 ); ROUND( m, v, 4 );
ROUND( 11 ); ROUND( m, v, 5 );
ROUND( m, v, 6 );
ROUND( m, v, 7 );
ROUND( m, v, 8 );
ROUND( m, v, 9 );
ROUND( m, v, 10 );
ROUND( m, v, 11 );
#endif
for( i = 0; i < 8; ++i ) { for( i = 0; i < 8; ++i ) {
S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];

76
crypto/blake2s.c
View File

@ -18,6 +18,7 @@
#include "blake2s.h" #include "blake2s.h"
#include "blake2_common.h" #include "blake2_common.h"
#include "memzero.h" #include "memzero.h"
#include "options.h"
typedef struct blake2s_param__ typedef struct blake2s_param__
{ {
@ -182,28 +183,37 @@ int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t ke
return 0; return 0;
} }
#define G(r,i,a,b,c,d) \ #define G(m,r,i,a,b,c,d) \
do { \ do { \
a = a + b + m[blake2s_sigma[r][2*i+0]]; \ *(a) = *(a) + *(b) + m[blake2s_sigma[r][2*i+0]]; \
d = rotr32(d ^ a, 16); \ *(d) = rotr32(*(d) ^ *(a), 16); \
c = c + d; \ *(c) = *(c) + *(d); \
b = rotr32(b ^ c, 12); \ *(b) = rotr32(*(b) ^ *(c), 12); \
a = a + b + m[blake2s_sigma[r][2*i+1]]; \ *(a) = *(a) + *(b) + m[blake2s_sigma[r][2*i+1]]; \
d = rotr32(d ^ a, 8); \ *(d) = rotr32(*(d) ^ *(a), 8); \
c = c + d; \ *(c) = *(c) + *(d); \
b = rotr32(b ^ c, 7); \ *(b) = rotr32(*(b) ^ *(c), 7); \
} while(0) } while(0)
#define ROUND(r) \ #if OPTIMIZE_SIZE_BLAKE2S
do { \ static void g(uint32_t *m, int r, int i, uint32_t *a, uint32_t *b, uint32_t *c,
G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ uint32_t *d) {
G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ G(m,r,i,a,b,c,d);
G(r,2,v[ 2],v[ 6],v[10],v[14]); \ }
G(r,3,v[ 3],v[ 7],v[11],v[15]); \ #else
G(r,4,v[ 0],v[ 5],v[10],v[15]); \ #define g(m,r,i,a,b,c,d) G(m,r,i,a,b,c,d)
G(r,5,v[ 1],v[ 6],v[11],v[12]); \ #endif
G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ #define ROUND(m,v,r) \
do { \
g(m,r,0,v + 0,v + 4,v + 8,v + 12); \
g(m,r,1,v + 1,v + 5,v + 9,v + 13); \
g(m,r,2,v + 2,v + 6,v + 10,v + 14); \
g(m,r,3,v + 3,v + 7,v + 11,v + 15); \
g(m,r,4,v + 0,v + 5,v + 10,v + 15); \
g(m,r,5,v + 1,v + 6,v + 11,v + 12); \
g(m,r,6,v + 2,v + 7,v + 8,v + 13); \
g(m,r,7,v + 3,v + 4,v + 9,v + 14); \
} while(0) } while(0)
static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBYTES] ) static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBYTES] )
@ -229,16 +239,22 @@ static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBY
v[14] = S->f[0] ^ blake2s_IV[6]; v[14] = S->f[0] ^ blake2s_IV[6];
v[15] = S->f[1] ^ blake2s_IV[7]; v[15] = S->f[1] ^ blake2s_IV[7];
ROUND( 0 ); #if OPTIMIZE_SIZE_BLAKE2S
ROUND( 1 ); for (int r = 0; r < 10; r++) {
ROUND( 2 ); ROUND(m, v, r);
ROUND( 3 ); }
ROUND( 4 ); #else
ROUND( 5 ); ROUND( m, v, 0 );
ROUND( 6 ); ROUND( m, v, 1 );
ROUND( 7 ); ROUND( m, v, 2 );
ROUND( 8 ); ROUND( m, v, 3 );
ROUND( 9 ); ROUND( m, v, 4 );
ROUND( m, v, 5 );
ROUND( m, v, 6 );
ROUND( m, v, 7 );
ROUND( m, v, 8 );
ROUND( m, v, 9 );
#endif
for( i = 0; i < 8; ++i ) { for( i = 0; i < 8; ++i ) {
S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];