From e7cec986f60519929c23fb4f1f8d247f89ee5f03 Mon Sep 17 00:00:00 2001 From: blackshirt Date: Thu, 11 Sep 2025 16:42:13 +0000 Subject: [PATCH] x.crypto.ascon: small bits of cleansup and optimization --- vlib/x/crypto/ascon/ascon.v | 19 +++++++++++++------ vlib/x/crypto/ascon/digest.v | 33 ++++++++++++++++++++++----------- vlib/x/crypto/ascon/util.v | 16 +++++++++++++--- 3 files changed, 48 insertions(+), 20 deletions(-) diff --git a/vlib/x/crypto/ascon/ascon.v b/vlib/x/crypto/ascon/ascon.v index 8bb1b1977a..1ebd5bab84 100644 --- a/vlib/x/crypto/ascon/ascon.v +++ b/vlib/x/crypto/ascon/ascon.v @@ -41,6 +41,9 @@ fn ascon_pnr(mut s State, nr int) { if nr < 1 || nr > 16 { panic('Invalid round number') } + // Allocate temporary vars to reduce allocation within loop + mut x0 := u64(0) + mut y0 := u64(0) // Ascon permutation routine for i := max_nr_perm - nr; i < max_nr_perm; i++ { // 3.2 Constant-Addition Layer step @@ -56,18 +59,22 @@ fn ascon_pnr(mut s State, nr int) { s.e0 ^= s.e4 s.e4 ^= s.e3 s.e2 ^= s.e1 - + // Set temp vars to values + x0 = s.e0 + y0 = s.e4 ^ (~s.e0 & s.e1) + /* t0 := s.e4 ^ (~s.e0 & s.e1) t1 := s.e0 ^ (~s.e1 & s.e2) t2 := s.e1 ^ (~s.e2 & s.e3) t3 := s.e2 ^ (~s.e3 & s.e4) t4 := s.e3 ^ (~s.e4 & s.e0) + */ - s.e0 = t1 - s.e1 = t2 - s.e2 = t3 - s.e3 = t4 - s.e4 = t0 + s.e0 = s.e0 ^ (~s.e1 & s.e2) // t1 + s.e1 = s.e1 ^ (~s.e2 & s.e3) // t2 + s.e2 = s.e2 ^ (~s.e3 & s.e4) // t3 + s.e3 = s.e3 ^ (~s.e4 & x0) // t4, change s.e0 to x0 + s.e4 = y0 s.e1 ^= s.e0 s.e0 ^= s.e4 diff --git a/vlib/x/crypto/ascon/digest.v b/vlib/x/crypto/ascon/digest.v index 89a7dac7e1..07ee9ad303 100644 --- a/vlib/x/crypto/ascon/digest.v +++ b/vlib/x/crypto/ascon/digest.v @@ -135,20 +135,32 @@ fn (mut d Digest) squeeze(mut dst []u8) int { } @[direct_array_access; inline] -fn ascon_generic_hash(mut s State, msg_ []u8, size int) []u8 { +fn ascon_generic_hash(mut s State, msg []u8, size int) []u8 { // Assumed state was correctly initialized // Absorbing the message - mut msg := msg_.clone() - for msg.len >= block_size { - s.e0 ^= binary.little_endian_u64(msg[0..block_size]) - unsafe { - msg = msg[block_size..] + mut pos := 0 + // Check if msg has non-null length, if yes, absorb it. + // Otherwise, just pad it + if _likely_(msg.len > 0) { + mut msg_len := msg.len + for msg_len >= block_size { + s.e0 ^= binary.little_endian_u64(msg[pos..pos + block_size]) + pos += block_size + msg_len -= block_size + ascon_pnr(mut s, ascon_prnd_12) } - ascon_pnr(mut s, ascon_prnd_12) + // Absorb the last partial message block + last_block := unsafe { msg[pos..] } + s.e0 ^= u64(0x01) << (8 * last_block.len) // pad(last_block.len) + if last_block.len > 0 { + s.e0 ^= load_bytes(last_block, last_block.len) + } + } else { + // Otherwise, just pad it + s.e0 ^= u64(0x01) } - // Absorb the last partial message block - s.e0 ^= load_bytes(msg, msg.len) - s.e0 ^= pad(msg.len) + // reset pos + pos = 0 // Squeezing phase // @@ -156,7 +168,6 @@ fn ascon_generic_hash(mut s State, msg_ []u8, size int) []u8 { // permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[12] to the state: ascon_pnr(mut s, ascon_prnd_12) mut out := []u8{len: size} - mut pos := 0 mut clen := out.len for clen >= block_size { binary.little_endian_put_u64(mut out[pos..pos + 8], s.e0) diff --git a/vlib/x/crypto/ascon/util.v b/vlib/x/crypto/ascon/util.v index 345683ea66..97e70d5e98 100644 --- a/vlib/x/crypto/ascon/util.v +++ b/vlib/x/crypto/ascon/util.v @@ -83,13 +83,23 @@ fn set_byte(b u8, i int) u64 { fn load_bytes(bytes []u8, n int) u64 { mut x := u64(0) for i := 0; i < n; i++ { - x |= set_byte(bytes[i], i) + // This is the same way to store bytes in little-endian way + // x |= u64(bytes[0]) << 8*0 // LSB at lowest index + // x |= u64(bytes[1]) << 8*1 + // x |= u64(bytes[2]) << 8*2 + // x |= u64(bytes[3]) << 8*3 + // ...etc + // x |= u64(bytes[7]) << 8*7 // MSB at highest index + x |= u64(bytes[i]) << (8 * i) } - return u64le(x) + // No need to cast with u64le, its alread le + return x } +@[direct_array_access] fn store_bytes(mut out []u8, x u64, n int) { for i := 0; i < n; i++ { - out[i] = get_byte(x, i) + // use underlying get_byte directly + out[i] = u8(x >> (8 * i)) } }