Prepare for using assembly function _chacha_2core.

* chacha-crypt.c (_chacha_crypt_2core, _chacha_crypt32_2core): New
variants of chacha_crypt, using _chacha_2core to do two blocks at
a time.
* chacha-internal.h (_chacha_2core, _chacha_2core32): Add declarations.
* configure.ac (asm_nettle_optional_list): Add chacha-2core.asm.

diff --git a/ChangeLog b/ChangeLog
index 3bb77d847cabc5a7693e9ede7566370e72058918..ccd0b8b564fdc755452ebfcff887ef3f622e0659 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2020-11-23  Niels Möller  <nisse@lysator.liu.se>
+
+       * chacha-crypt.c (_chacha_crypt_2core, _chacha_crypt32_2core): New
+       variants of chacha_crypt, using _chacha_2core to do two blocks at
+       a time.
+       * chacha-internal.h (_chacha_2core, _chacha_2core32): Add declarations.
+       * configure.ac (asm_nettle_optional_list): Add chacha-2core.asm.
+
 2020-11-14  Niels Möller  <nisse@lysator.liu.se>
 
        * ecc-mod-inv.c (ecc_mod_inv): Use passed in scratch for all

diff --git a/chacha-crypt.c b/chacha-crypt.c
index 098b53e65c54923669db9dfee7496ddc49280337..4c3201ffac8b5e417115b2334b5cfd2b81f36164 100644 (file)
--- a/chacha-crypt.c
+++ b/chacha-crypt.c
@@ -59,6 +59,9 @@
 #undef _chacha_crypt32_3core
 #define _chacha_crypt_3core chacha_crypt
 #define _chacha_crypt32_3core chacha_crypt32
+#elif HAVE_NATIVE_chacha_2core
+#define _chacha_crypt_2core chacha_crypt
+#define _chacha_crypt32_2core chacha_crypt32
 #elif !HAVE_NATIVE_fat_chacha_3core
 #undef _chacha_crypt_1core
 #undef _chacha_crypt32_1core
@@ -109,7 +112,42 @@ _chacha_crypt_3core(struct chacha_ctx *ctx,
 }
 #endif
 
-#if !HAVE_NATIVE_chacha_3core
+#if HAVE_NATIVE_chacha_2core
+void
+_chacha_crypt_2core(struct chacha_ctx *ctx,
+                   size_t length,
+                   uint8_t *dst,
+                   const uint8_t *src)
+{
+  uint32_t x[2*_CHACHA_STATE_LENGTH];
+
+  if (!length)
+    return;
+
+  while (length > CHACHA_BLOCK_SIZE)
+    {
+      _chacha_2core (x, ctx->state, CHACHA_ROUNDS);
+      ctx->state[12] += 2;
+      ctx->state[13] += (ctx->state[12] < 2);
+      if (length <= 2*CHACHA_BLOCK_SIZE)
+       {
+         memxor3 (dst, src, x, length);
+         return;
+       }
+      memxor3 (dst, src, x, 2*CHACHA_BLOCK_SIZE);
+
+      length -= 2*CHACHA_BLOCK_SIZE;
+      dst += 2*CHACHA_BLOCK_SIZE;
+      src += 2*CHACHA_BLOCK_SIZE;
+    }
+
+  _chacha_core (x, ctx->state, CHACHA_ROUNDS);
+  memxor3 (dst, src, x, length);
+  ctx->state[13] += (++ctx->state[12] == 0);
+}
+#endif
+
+#if !(HAVE_NATIVE_chacha_3core || HAVE_NATIVE_chacha_2core)
 void
 _chacha_crypt_1core(struct chacha_ctx *ctx,
                    size_t length,
@@ -186,6 +224,40 @@ _chacha_crypt32_3core(struct chacha_ctx *ctx,
 }
 #endif
 
+#if HAVE_NATIVE_chacha_2core
+void
+_chacha_crypt32_2core(struct chacha_ctx *ctx,
+                   size_t length,
+                   uint8_t *dst,
+                   const uint8_t *src)
+{
+  uint32_t x[2*_CHACHA_STATE_LENGTH];
+
+  if (!length)
+    return;
+
+  while (length > CHACHA_BLOCK_SIZE)
+    {
+      _chacha_2core32 (x, ctx->state, CHACHA_ROUNDS);
+      ctx->state[12] += 2;
+      if (length <= 2*CHACHA_BLOCK_SIZE)
+       {
+         memxor3 (dst, src, x, length);
+         return;
+       }
+      memxor3 (dst, src, x, 2*CHACHA_BLOCK_SIZE);
+
+      length -= 2*CHACHA_BLOCK_SIZE;
+      dst += 2*CHACHA_BLOCK_SIZE;
+      src += 2*CHACHA_BLOCK_SIZE;
+    }
+
+  _chacha_core (x, ctx->state, CHACHA_ROUNDS);
+  memxor3 (dst, src, x, length);
+  ++ctx->state[12];
+}
+#endif
+
 #if !HAVE_NATIVE_chacha_3core
 void
 _chacha_crypt32_1core(struct chacha_ctx *ctx,

diff --git a/chacha-internal.h b/chacha-internal.h
index ef6a64a3153c0a18f25a988b2e00134fba9e2ade..d298ab875f6a6a8aa8446914f4cead8a32fc64ec 100644 (file)
--- a/chacha-internal.h
+++ b/chacha-internal.h
@@ -40,6 +40,8 @@
 #include "chacha.h"
 
 #define _chacha_core _nettle_chacha_core
+#define _chacha_2core _nettle_chacha_2core
+#define _chacha_2core32 _nettle_chacha_2core32
 #define _chacha_3core _nettle_chacha_3core
 #define _chacha_3core32 _nettle_chacha_3core32
 #define _chacha_crypt_1core _nettle_chacha_crypt_1core
@@ -51,6 +53,12 @@ void
 _chacha_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
 
 /* Functions available only in some configurations */
+void
+_chacha_2core(uint32_t *dst, const uint32_t *src, unsigned rounds);
+
+void
+_chacha_2core32(uint32_t *dst, const uint32_t *src, unsigned rounds);
+
 void
 _chacha_3core(uint32_t *dst, const uint32_t *src, unsigned rounds);
 

diff --git a/configure.ac b/configure.ac
index 2a47f9403a0d3dd28bea5160ea4baf4d212b06c0..356d5bc4f7ca440e0c362f36372e0ae0e102c3e4 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -499,7 +499,7 @@ asm_replace_list="aes-encrypt-internal.asm aes-decrypt-internal.asm \
 # Assembler files which generate additional object files if they are used.
 asm_nettle_optional_list="gcm-hash8.asm cpuid.asm \
   aes-encrypt-internal-2.asm aes-decrypt-internal-2.asm memxor-2.asm \
-  chacha-3core.asm chacha-core-internal-2.asm salsa20-2core.asm \
+  chacha-2core.asm chacha-3core.asm chacha-core-internal-2.asm salsa20-2core.asm \
   salsa20-core-internal-2.asm sha1-compress-2.asm sha256-compress-2.asm \
   sha3-permute-2.asm sha512-compress-2.asm \
   umac-nh-n-2.asm umac-nh-2.asm"
@@ -607,6 +607,7 @@ AH_VERBATIM([HAVE_NATIVE],
 #undef HAVE_NATIVE_aes_decrypt
 #undef HAVE_NATIVE_aes_encrypt
 #undef HAVE_NATIVE_chacha_core
+#undef HAVE_NATIVE_chacha_2core
 #undef HAVE_NATIVE_chacha_3core
 #undef HAVE_NATIVE_fat_chacha_3core
 #undef HAVE_NATIVE_ecc_curve25519_modp