From 8a1fc0f99cd023351636711574981c084e2f4cc0 Mon Sep 17 00:00:00 2001
From: Tiago Oliveira
Date: Wed, 10 Apr 2024 09:12:01 +0100
Subject: [PATCH] mlkem ref sct: remove temporary(wip) init_msf
---
 code/jasmin/mlkem_ref/indcpa.jinc | 21 ++++++--------------
 code/jasmin/mlkem_ref/kem.jinc | 30 +++++------------------------
 2 files changed, 11 insertions(+), 40 deletions(-)
diff --git a/code/jasmin/mlkem_ref/indcpa.jinc b/code/jasmin/mlkem_ref/indcpa.jinc
index c52f1682..b247eb6b 100644
--- a/code/jasmin/mlkem_ref/indcpa.jinc
+++ b/code/jasmin/mlkem_ref/indcpa.jinc
@@ -4,7 +4,7 @@ require "polyvec.jinc"
 require "gen_matrix.jinc"
 inline
-fn __indcpa_keypair(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES] randomnessp)
+fn __indcpa_keypair(#mmx reg u64 spkp, #mmx reg u64 sskp, reg ptr u8[MLKEM_SYMBYTES] randomnessp)
 {
 stack u16[MLKEM_K * MLKEM_VECN] a;
 stack u16[MLKEM_VECN] e pkpv skpv;
@@ -18,11 +18,7 @@ fn __indcpa_keypair(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES] randomn
 reg u8 nonce;
 inline int i;
- stack u64 spkp;
- stack u64 sskp;
-
- spkp = pkp;
- sskp = skp;
+ reg u64 pkp skp;
 for i=0 to MLKEM_SYMBYTES/8
 {
@@ -40,7 +36,8 @@ fn __indcpa_keypair(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES] randomn
 noiseseed[u64 i] = t64;
 }
- r_noiseseed = noiseseed; // currently, it is not possible to load stack to mmx, so: first to register, and then to mmx
+ // memory -> reg -> mm
+ r_noiseseed = noiseseed;
 s_noiseseed = r_noiseseed;
 zero = 0;
@@ -76,8 +73,6 @@ fn __indcpa_keypair(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES] randomn
 pkp = spkp;
 skp = sskp;
- _ = #init_msf(); // temporary fix
-
 __polyvec_tobytes(skp, skpv);
 __polyvec_tobytes(pkp, pkpv);
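Review bot: The new `#mmx reg u64 spkp` / `#mmx reg u64 sskp` parameters of `__indcpa_keypair` carry an unstated contract — callers must hand over the output pointers already resident in mmx registers — and nothing at the signature says why the function wants them there instead of as plain `reg u64`; the same applies to `sctp` in `__indcpa_enc` (hunk @@ -91,7 +86,7). Given that the commit removes the `#init_msf()` calls that followed every reload of these pointers, the reason appears to be that an mmx-to-register move is not a memory load, so the reloaded pointer can be used as a store address without re-establishing the misspeculation flag; that deserves to be written down where the next maintainer will see it. Suggest a doc comment above the signature such as `// spkp/sskp are spilled to mmx (not the stack) by the caller: reloading them is a register move, not a memory load, so no #init_msf() is needed before they are used as addresses (sct)`. The body of `__indcpa_keypair` continues outside this hunk.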
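Review bot: The replacement comment `// memory -> reg -> mm` above `r_noiseseed = noiseseed;` drops the reason the removed comment gave — that a stack value cannot be loaded directly into an mmx register, hence the detour through a general-purpose register — which is exactly the fact someone would need before "simplifying" the two-step copy away. Keep the why, e.g. `// stack -> reg -> mmx: a stack value cannot be moved directly into an mmx register`. Also `mm` reads like a truncation of `mmx`, the term used everywhere else in the patch.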
@@ -91,7 +86,7 @@ fn __indcpa_keypair(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES] randomn
 }
 inline
-fn __indcpa_enc(stack u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[MLKEM_SYMBYTES] noiseseed)
+fn __indcpa_enc(#mmx reg u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[MLKEM_SYMBYTES] noiseseed)
 {
 stack u16[MLKEM_VECN] pkpv sp ep bp;
 stack u16[MLKEM_K*MLKEM_VECN] aat;
@@ -160,8 +155,6 @@ fn __indcpa_enc(stack u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[MLK
 ctp = sctp;
- _ = #init_msf(); // temporary fix
-
 __polyvec_compress(ctp, bp);
 ctp += MLKEM_POLYVECCOMPRESSEDBYTES;
 v = _poly_compress(ctp, v);
@@ -176,7 +169,7 @@ fn __iindcpa_enc(reg ptr u8[MLKEM_CT_LEN] ctp, reg ptr u8[32] msgp, reg u64 pkp,
 stack u8[MLKEM_SYMBYTES] publicseed;
 reg u64 i t64;
 reg u8 nonce;
- stack ptr u8[MLKEM_CT_LEN] sctp;
+ #mmx reg ptr u8[MLKEM_CT_LEN] sctp;
 #mmx reg ptr u8[MLKEM_SYMBYTES] s_noiseseed;
 s_noiseseed = noiseseed;
@@ -238,8 +231,6 @@ fn __iindcpa_enc(reg ptr u8[MLKEM_CT_LEN] ctp, reg ptr u8[32] msgp, reg u64 pkp,
 ctp = sctp;
- _ = #init_msf();
-
 ctp[0:MLKEM_POLYVECCOMPRESSEDBYTES] = __i_polyvec_compress(ctp[0:MLKEM_POLYVECCOMPRESSEDBYTES], bp);
 ctp[MLKEM_POLYVECCOMPRESSEDBYTES:MLKEM_POLYCOMPRESSEDBYTES], v = _i_poly_compress(ctp[MLKEM_POLYVECCOMPRESSEDBYTES:MLKEM_POLYCOMPRESSEDBYTES], v);
diff --git a/code/jasmin/mlkem_ref/kem.jinc b/code/jasmin/mlkem_ref/kem.jinc
index 8bee8f67..33dca3a1 100644
--- a/code/jasmin/mlkem_ref/kem.jinc
+++ b/code/jasmin/mlkem_ref/kem.jinc
@@ -4,11 +4,11 @@ require "verify.jinc"
 inline
 fn __crypto_kem_keypair_jazz(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES*2] randomnessp)
 {
- stack ptr u8[MLKEM_SYMBYTES*2] s_randomnessp;
+ #mmx reg ptr u8[MLKEM_SYMBYTES*2] s_randomnessp;
 reg ptr u8[MLKEM_SYMBYTES] randomnessp1 randomnessp2;
 stack u8[32] h_pk;
- stack u64 s_skp s_pkp;
+ #mmx reg u64 s_skp s_pkp;
 reg u64 t64;
 inline int i;
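Review bot: `s_randomnessp`, `s_skp` and `s_pkp` are moved from `stack` to `#mmx reg` with no comment saying why these spills must not go through memory, and the same silent change is made for `s_pkp s_ctp s_shkp` in `__crypto_kem_enc_jazz` (hunk @@ -69,7 +61,7) and `s_skp s_ctp s_shkp s_cnd` in `__crypto_kem_dec_jazz` (hunk @@ -114,7 +100,7). Every one of these values is later reloaded and used as a pointer at a place where this commit deletes an `#init_msf()`, so the register class is now load-bearing for the speculative constant-time property rather than a performance detail; someone who later moves one back to `stack` to free an mmx register would reintroduce exactly what the removed fences were covering, and only the sct checker would catch it. Suggest a one-line comment on each of the three declarations, e.g. `// spilled to mmx, not the stack: reloads must be register moves, not memory loads (sct)`. The declarations' enclosing functions continue outside their hunks.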
@@ -17,14 +17,12 @@ fn __crypto_kem_keypair_jazz(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES
 s_skp = skp;
 randomnessp1 = randomnessp[0:MLKEM_SYMBYTES];
- __indcpa_keypair(pkp, skp, randomnessp1);
+ __indcpa_keypair(s_pkp, s_skp, randomnessp1);
 skp = s_skp;
 skp += MLKEM_POLYVECBYTES;
 pkp = s_pkp;
- _ = #init_msf(); // temporary fix
-
 for i=0 to MLKEM_INDCPA_PUBLICKEYBYTES/8
 {
 t64 = (u64)[pkp + 8*i];
@@ -35,14 +33,10 @@ fn __crypto_kem_keypair_jazz(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES
 s_skp = skp;
 pkp = s_pkp;
- _ = #init_msf(); // temporary fix
-
 t64 = MLKEM_POLYVECBYTES + MLKEM_SYMBYTES;
 h_pk = _isha3_256(h_pk, pkp, t64);
 skp = s_skp;
- _ = #init_msf(); // temporary fix
-
 for i=0 to 4
 {
 t64 = h_pk[u64 i];
@@ -53,8 +47,6 @@ fn __crypto_kem_keypair_jazz(reg u64 pkp, reg u64 skp, reg ptr u8[MLKEM_SYMBYTES
 randomnessp = s_randomnessp;
 randomnessp2 = randomnessp[MLKEM_SYMBYTES:MLKEM_SYMBYTES];
- _ = #init_msf(); // temporary fix
-
 for i=0 to MLKEM_SYMBYTES/8
 {
 t64 = randomnessp2[u64 i];
@@ -69,7 +61,7 @@ fn __crypto_kem_enc_jazz(reg u64 ctp, reg u64 shkp, reg u64 pkp, reg ptr u8[MLKE
 inline int i;
 stack u8[MLKEM_SYMBYTES * 2] kr buf;
- stack u64 s_pkp s_ctp s_shkp;
+ #mmx reg u64 s_pkp s_ctp s_shkp;
 reg u64 t64;
 s_pkp = pkp;
@@ -84,8 +76,6 @@ fn __crypto_kem_enc_jazz(reg u64 ctp, reg u64 shkp, reg u64 pkp, reg ptr u8[MLKE
 pkp = s_pkp;
- _ = #init_msf(); // temporary fix
-
 t64 = MLKEM_PUBLICKEYBYTES;
 buf[MLKEM_SYMBYTES:MLKEM_SYMBYTES] = _isha3_256(buf[MLKEM_SYMBYTES:MLKEM_SYMBYTES], pkp, t64);
@@ -93,14 +83,10 @@ fn __crypto_kem_enc_jazz(reg u64 ctp, reg u64 shkp, reg u64 pkp, reg ptr u8[MLKE
 pkp = s_pkp;
- _ = #init_msf(); // temporary fix
-
 __indcpa_enc(s_ctp, buf[0:MLKEM_SYMBYTES], pkp, kr[MLKEM_SYMBYTES:MLKEM_SYMBYTES]);
 shkp = s_shkp;
- _ = #init_msf(); // temporary fix
-
 for i=0 to MLKEM_SYMBYTES/8
 {
 t64 = kr[u64 i];
@@ -114,7 +100,7 @@ fn __crypto_kem_dec_jazz(reg u64 shkp, reg u64 ctp, reg u64 skp)
 {
 stack u8[MLKEM_CT_LEN] ctpc;
 stack u8[2*MLKEM_SYMBYTES] kr buf;
- stack u64 s_skp s_ctp s_shkp s_cnd;
+ #mmx reg u64 s_skp s_ctp s_shkp s_cnd;
 reg u64 pkp hp zp t64 cnd;
 inline int i;
@@ -139,14 +125,10 @@ fn __crypto_kem_dec_jazz(reg u64 shkp, reg u64 ctp, reg u64 skp)
 pkp = s_skp;
 pkp += 12 * MLKEM_K * MLKEM_N>>3;
- _ = #init_msf(); // temporary fix
-
 ctpc = __iindcpa_enc(ctpc, buf[0:MLKEM_SYMBYTES], pkp, kr[MLKEM_SYMBYTES:MLKEM_SYMBYTES]);
 ctp = s_ctp;
- _ = #init_msf(); // temporary fix
-
 cnd = __verify(ctp, ctpc);
 s_cnd = cnd;
@@ -161,7 +143,5 @@ fn __crypto_kem_dec_jazz(reg u64 shkp, reg u64 ctp, reg u64 skp)
 shkp = s_shkp;
 cnd = s_cnd;
- _ = #init_msf(); // temporary fix
-
 __cmov(shkp, kr[0:MLKEM_SYMBYTES], cnd);
 }