LibCrypto: Avoid branching in galois_multiply()

This makes GHash a little more than twice as fast.
Author: https://github.com/alimpfard Commit: https://github.com/SerenityOS/serenity/commit/b1297a267c Pull-request: https://github.com/SerenityOS/serenity/pull/22551
2024-09-20 01:37:39 +03:00 · 2024-01-03 16:26:18 +03:30 · 2024-01-03 16:26:18 +03:30 · b1297a267c · 2024-07-17 00:47:29 +09:00
commit b1297a267c
parent 27a294547d
1 changed files with 7 additions and 8 deletions
--- a/Userland/Libraries/LibCrypto/Authentication/GHash.cpp
+++ b/Userland/Libraries/LibCrypto/Authentication/GHash.cpp
@ -92,13 +92,13 @@ void galois_multiply(u32 (&z)[4], const u32 (&_x)[4], const u32 (&_y)[4])
    u32 y[4] { _y[0], _y[1], _y[2], _y[3] };
    __builtin_memset(z, 0, sizeof(z));

+#pragma GCC unroll 16
    for (ssize_t i = 127; i > -1; --i) {
-        if ((y[3 - (i / 32)] >> (i % 32)) & 1) {
-            z[0] ^= x[0];
-            z[1] ^= x[1];
-            z[2] ^= x[2];
-            z[3] ^= x[3];
-        }
+        auto r = -((y[3 - (i / 32)] >> (i % 32)) & 1);
+        z[0] ^= x[0] & r;
+        z[1] ^= x[1] & r;
+        z[2] ^= x[2] & r;
+        z[3] ^= x[3] & r;
        auto a0 = x[0] & 1;
        x[0] >>= 1;
        auto a1 = x[1] & 1;
@ -111,8 +111,7 @@ void galois_multiply(u32 (&z)[4], const u32 (&_x)[4], const u32 (&_y)[4])
        x[3] >>= 1;
        x[3] |= a2 << 31;

-        if (a3)
-            x[0] ^= 0xe1000000;
+        x[0] ^= 0xe1000000 & -a3;
    }
 }