mlkem ref sct: remove temporary(wip) init_msf

code/jasmin/mlkem_ref/indcpa.jinc

@@ -4,7 +4,7 @@ require "polyvec.jinc"
 require "gen_matrix.jinc"
 
 inline
-fn __indcpa_keypair(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES] randomnessp)
+fn __indcpa_keypair(#mmx reg u64 spkp, #mmx reg u64 sskp, reg ptr u8[MLKEM_SYMBYTES] randomnessp)
 {
   stack u16[MLKEM_K * MLKEM_VECN] a;
   stack u16[MLKEM_VECN] e pkpv skpv;
@@ -18,11 +18,7 @@ fn __indcpa_keypair(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES] randomn
   reg u8 nonce;
   inline int i;
 
-  stack u64 spkp;
-  stack u64 sskp;
-
-  spkp = pkp;
-  sskp = skp;
+  reg u64 pkp skp;
 
   for i=0 to MLKEM_SYMBYTES/8
   {
@@ -40,7 +36,8 @@ fn __indcpa_keypair(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES] randomn
     noiseseed[u64 i] = t64;
   }
 
-  r_noiseseed = noiseseed; // currently, it is not possible to load stack to mmx, so: first to register, and then to mmx
+  // memory -> reg -> mm
+  r_noiseseed = noiseseed;
   s_noiseseed = r_noiseseed;
 
   zero = 0; 
@@ -76,8 +73,6 @@ fn __indcpa_keypair(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES] randomn
   pkp = spkp;
   skp = sskp;
 
-  _ = #init_msf(); // temporary fix
-
   __polyvec_tobytes(skp, skpv);
   __polyvec_tobytes(pkp, pkpv);
 
@@ -91,7 +86,7 @@ fn __indcpa_keypair(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES] randomn
 }
 
 inline
-fn __indcpa_enc(stack u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[MLKEM_SYMBYTES] noiseseed)
+fn __indcpa_enc(#mmx reg u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[MLKEM_SYMBYTES] noiseseed)
 {
   stack u16[MLKEM_VECN] pkpv sp ep bp;
   stack u16[MLKEM_K*MLKEM_VECN] aat;
@@ -160,8 +155,6 @@ fn __indcpa_enc(stack u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[MLK
 
   ctp = sctp;
 
-  _ = #init_msf(); // temporary fix
-
   __polyvec_compress(ctp, bp);
   ctp += MLKEM_POLYVECCOMPRESSEDBYTES;
   v = _poly_compress(ctp, v);
@@ -176,7 +169,7 @@ fn __iindcpa_enc(reg ptr u8[MLKEM_CT_LEN] ctp, reg ptr u8[32] msgp, reg u64 pkp,
   stack u8[MLKEM_SYMBYTES] publicseed;
   reg u64 i t64;
   reg u8 nonce;
-  stack ptr u8[MLKEM_CT_LEN] sctp;
+  #mmx reg ptr u8[MLKEM_CT_LEN] sctp;
   #mmx reg ptr u8[MLKEM_SYMBYTES] s_noiseseed;
 
   s_noiseseed = noiseseed;
@@ -238,8 +231,6 @@ fn __iindcpa_enc(reg ptr u8[MLKEM_CT_LEN] ctp, reg ptr u8[32] msgp, reg u64 pkp,
 
   ctp = sctp;
 
-  _ = #init_msf();
-
   ctp[0:MLKEM_POLYVECCOMPRESSEDBYTES] = __i_polyvec_compress(ctp[0:MLKEM_POLYVECCOMPRESSEDBYTES], bp);
   ctp[MLKEM_POLYVECCOMPRESSEDBYTES:MLKEM_POLYCOMPRESSEDBYTES], v = _i_poly_compress(ctp[MLKEM_POLYVECCOMPRESSEDBYTES:MLKEM_POLYCOMPRESSEDBYTES], v);
 

code/jasmin/mlkem_ref/kem.jinc

@@ -4,11 +4,11 @@ require "verify.jinc"
 inline
 fn __crypto_kem_keypair_jazz(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES*2] randomnessp)
 {
-  stack ptr u8[MLKEM_SYMBYTES*2] s_randomnessp;
+  #mmx reg ptr u8[MLKEM_SYMBYTES*2] s_randomnessp;
   reg ptr u8[MLKEM_SYMBYTES] randomnessp1 randomnessp2;
 
   stack u8[32] h_pk;
-  stack u64 s_skp s_pkp;
+  #mmx reg u64 s_skp s_pkp;
   reg u64 t64;
   inline int i;
 
@@ -17,14 +17,12 @@ fn __crypto_kem_keypair_jazz(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES
   s_skp = skp;
 
   randomnessp1 = randomnessp[0:MLKEM_SYMBYTES];
-  __indcpa_keypair(pkp, skp, randomnessp1);
+  __indcpa_keypair(s_pkp, s_skp, randomnessp1);
 
   skp = s_skp;
   skp += MLKEM_POLYVECBYTES;
   pkp = s_pkp;
 
-  _ = #init_msf(); // temporary fix
-
   for i=0 to MLKEM_INDCPA_PUBLICKEYBYTES/8
   {
     t64 = (u64)[pkp + 8*i];
@@ -35,14 +33,10 @@ fn __crypto_kem_keypair_jazz(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES
   s_skp = skp;
   pkp = s_pkp;
 
-  _ = #init_msf(); // temporary fix
-
   t64 = MLKEM_POLYVECBYTES + MLKEM_SYMBYTES;
   h_pk = _isha3_256(h_pk, pkp, t64);
   skp = s_skp;
 
-  _ = #init_msf(); // temporary fix
-
   for i=0 to 4
   {
     t64 = h_pk[u64 i];
@@ -53,8 +47,6 @@ fn __crypto_kem_keypair_jazz(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES
   randomnessp = s_randomnessp;
   randomnessp2 = randomnessp[MLKEM_SYMBYTES:MLKEM_SYMBYTES];
 
-  _ = #init_msf(); // temporary fix
-
   for i=0 to MLKEM_SYMBYTES/8
   {
     t64 = randomnessp2[u64 i];
@@ -69,7 +61,7 @@ fn __crypto_kem_enc_jazz(reg u64 ctp, reg u64 shkp, reg u64 pkp, reg ptr u8[MLKE
   inline int i;
 
   stack u8[MLKEM_SYMBYTES * 2] kr buf;
-  stack u64 s_pkp s_ctp s_shkp;
+  #mmx reg u64 s_pkp s_ctp s_shkp;
   reg u64 t64;
 
   s_pkp = pkp;
@@ -84,23 +76,17 @@ fn __crypto_kem_enc_jazz(reg u64 ctp, reg u64 shkp, reg u64 pkp, reg ptr u8[MLKE
 
   pkp = s_pkp;
 
-  _ = #init_msf(); // temporary fix
-
   t64 = MLKEM_PUBLICKEYBYTES;
   buf[MLKEM_SYMBYTES:MLKEM_SYMBYTES] = _isha3_256(buf[MLKEM_SYMBYTES:MLKEM_SYMBYTES], pkp, t64);
 
   kr = _sha3_512_64(kr, buf);
 
   pkp = s_pkp;
 
-  _ = #init_msf(); // temporary fix
-
   __indcpa_enc(s_ctp, buf[0:MLKEM_SYMBYTES], pkp, kr[MLKEM_SYMBYTES:MLKEM_SYMBYTES]);
 
   shkp = s_shkp;
 
-  _ = #init_msf(); // temporary fix
-
   for i=0 to MLKEM_SYMBYTES/8
   {
     t64 = kr[u64 i];
@@ -114,7 +100,7 @@ fn __crypto_kem_dec_jazz(reg u64 shkp, reg u64 ctp, reg u64 skp)
 {
   stack u8[MLKEM_CT_LEN] ctpc;
   stack u8[2*MLKEM_SYMBYTES] kr buf;
-  stack u64 s_skp s_ctp s_shkp s_cnd;
+  #mmx reg u64 s_skp s_ctp s_shkp s_cnd;
   reg u64 pkp hp zp t64 cnd;
   inline int i;
 
@@ -139,14 +125,10 @@ fn __crypto_kem_dec_jazz(reg u64 shkp, reg u64 ctp, reg u64 skp)
   pkp = s_skp;
   pkp += 12 * MLKEM_K * MLKEM_N>>3;
 
-  _ = #init_msf(); // temporary fix
-
   ctpc = __iindcpa_enc(ctpc, buf[0:MLKEM_SYMBYTES], pkp, kr[MLKEM_SYMBYTES:MLKEM_SYMBYTES]);
 
   ctp = s_ctp;
 
-  _ = #init_msf(); // temporary fix
-
   cnd = __verify(ctp, ctpc);
   s_cnd = cnd;
 
@@ -161,7 +143,5 @@ fn __crypto_kem_dec_jazz(reg u64 shkp, reg u64 ctp, reg u64 skp)
   shkp = s_shkp;
   cnd = s_cnd;
 
-  _ = #init_msf(); // temporary fix
-
    __cmov(shkp, kr[0:MLKEM_SYMBYTES], cnd); 
 }