From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 17 Nov 2018 21:08:11 +0000 (+0000)
Subject: symm/keccak1600.c (keccak1600_extract): Eliminate intermediate state buffer.
X-Git-Tag: 2.6.0~60
X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/commitdiff_plain/1ccb258a64fd14d12938f9014ad22abbe46ab4c0

symm/keccak1600.c (keccak1600_extract): Eliminate intermediate state buffer.

Instead, introduce a handy bitmap which identifies which lanes need
complementing and do the whole thing in the loop.
---

diff --git a/symm/keccak1600.c b/symm/keccak1600.c
index d58bc6f8..499ab4f6 100644
--- a/symm/keccak1600.c
+++ b/symm/keccak1600.c
@@ -221,6 +221,8 @@ static const lane rcon[24] = {
  * `keccak1600_round' below for the details.
  */
 
+#define COMPL_MASK 0x00121106u
+
 #define STATE_INIT(z) do {						\
   lane cmpl = LANE_CMPL;						\
   (z)->S[I(1, 0)] = cmpl; (z)->S[I(2, 0)] = cmpl;			\
@@ -240,6 +242,8 @@ static const lane rcon[24] = {
 #else
 /* A target with fused and/not (`bic', `andc2').  Everything is simple. */
 
+#define COMPL_MASK 0u
+
 #define STATE_INIT(z) do ; while (0)
 #define STATE_OUT(z) do ; while (0)
 
@@ -600,11 +604,14 @@ void keccak1600_mix(keccak1600_state *s, const kludge64 *p, size_t n)
 
 void keccak1600_extract(const keccak1600_state *s, kludge64 *p, size_t n)
 {
+  uint32 m = COMPL_MASK;
   unsigned i;
-  keccak1600_state t;
+  lane t;
 
-  t = *s; STATE_OUT(&t);
-  for (i = 0; i < n; i++) p[i] = FROM_LANE(t.S[i]);
+  for (i = 0; i < n; i++) {
+    t = s->S[i]; if (m&1) NOT_LANE(t, t);
+    *p++ = FROM_LANE(t); m >>= 1;
+  }
 }
 
 /*----- Test rig ----------------------------------------------------------*/