Precompute s for small speedupjd/poly-comparison

author: Jason A. Donenfeld <Jason@zx2c4.com> 2018-09-12 18:33:01 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2018-09-12 18:33:01 +0200
commit: 18d6d0920bb6f511159de21f051b0c6d8dab246f (patch)
tree: 71d1308d6631c580889dbe7d3eec971f1529b0bb /poly1305-donna64.c
parent: Add new hacl32 and hacl64 (diff)
download: kbench9000-18d6d0920bb6f511159de21f051b0c6d8dab246f.tar.xz
kbench9000-18d6d0920bb6f511159de21f051b0c6d8dab246f.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/poly1305-donna64.c b/poly1305-donna64.c
index ca35f5e..75a2e73 100644
--- a/poly1305-donna64.c
+++ b/poly1305-donna64.c
@@ -29,6 +29,7 @@ typedef __uint128_t u128;
 struct poly1305_internal {
 	u64 r[3];
 	u64 h[3];
+	u64 s[2];
 };
 
 static void poly1305_init_generic(void *ctx, const u8 key[16])
@@ -40,11 +41,13 @@ static void poly1305_init_generic(void *ctx, const u8 key[16])
 	t0 = get_unaligned_le64(&key[0]);
 	t1 = get_unaligned_le64(&key[8]);
 
-	/* wiped after finalization */
 	st->r[0] = (t0) &0xffc0fffffff;
 	st->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff;
 	st->r[2] = ((t1 >> 24)) & 0x00ffffffc0f;
 
+	st->s[0] = st->r[1] * 20;
+	st->s[1] = st->r[2] * 20;
+
 	/* h = 0 */
 	st->h[0] = 0;
 	st->h[1] = 0;
@@ -70,8 +73,8 @@ static void poly1305_blocks_generic(void *ctx, const u8 *input, size_t len,
 	h1 = st->h[1];
 	h2 = st->h[2];
 
-	s1 = r1 * (5 << 2);
-	s2 = r2 * (5 << 2);
+	s1 = st->s[0];
+	s2 = st->s[1];
 
 	while (len >= POLY1305_BLOCK_SIZE) {
 		u64 t0, t1;
author	Jason A. Donenfeld <Jason@zx2c4.com>	2018-09-12 18:33:01 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2018-09-12 18:33:01 +0200
commit	18d6d0920bb6f511159de21f051b0c6d8dab246f (patch)
tree	71d1308d6631c580889dbe7d3eec971f1529b0bb /poly1305-donna64.c
parent	Add new hacl32 and hacl64 (diff)
download	kbench9000-18d6d0920bb6f511159de21f051b0c6d8dab246f.tar.xz kbench9000-18d6d0920bb6f511159de21f051b0c6d8dab246f.zip