Botan 3.7.1
Crypto and TLS for C&
chacha_avx512.cpp
Go to the documentation of this file.
1/*
2* (C) 2023 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/internal/chacha.h>
8#include <botan/internal/simd_avx512.h>
9
10namespace Botan {
11
12//static
13BOTAN_AVX512_FN
14void ChaCha::chacha_avx512_x16(uint8_t output[64 * 16], uint32_t state[16], size_t rounds) {
15 BOTAN_ASSERT(rounds % 2 == 0, "Valid rounds");
16 const SIMD_16x32 CTR0 = SIMD_16x32(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
17
18 const uint32_t C = 0xFFFFFFFF - state[12];
19 const SIMD_16x32 CTR1 = SIMD_16x32(
20 0, C < 1, C < 2, C < 3, C < 4, C < 5, C < 6, C < 7, C < 8, C < 9, C < 10, C < 11, C < 12, C < 13, C < 14, C < 15);
21
22 SIMD_16x32 R00 = SIMD_16x32::splat(state[0]);
23 SIMD_16x32 R01 = SIMD_16x32::splat(state[1]);
24 SIMD_16x32 R02 = SIMD_16x32::splat(state[2]);
25 SIMD_16x32 R03 = SIMD_16x32::splat(state[3]);
26 SIMD_16x32 R04 = SIMD_16x32::splat(state[4]);
27 SIMD_16x32 R05 = SIMD_16x32::splat(state[5]);
28 SIMD_16x32 R06 = SIMD_16x32::splat(state[6]);
29 SIMD_16x32 R07 = SIMD_16x32::splat(state[7]);
30 SIMD_16x32 R08 = SIMD_16x32::splat(state[8]);
31 SIMD_16x32 R09 = SIMD_16x32::splat(state[9]);
32 SIMD_16x32 R10 = SIMD_16x32::splat(state[10]);
33 SIMD_16x32 R11 = SIMD_16x32::splat(state[11]);
34 SIMD_16x32 R12 = SIMD_16x32::splat(state[12]) + CTR0;
35 SIMD_16x32 R13 = SIMD_16x32::splat(state[13]) + CTR1;
36 SIMD_16x32 R14 = SIMD_16x32::splat(state[14]);
37 SIMD_16x32 R15 = SIMD_16x32::splat(state[15]);
38
39 for(size_t r = 0; r != rounds / 2; ++r) {
40 R00 += R04;
41 R01 += R05;
42 R02 += R06;
43 R03 += R07;
44
45 R12 ^= R00;
46 R13 ^= R01;
47 R14 ^= R02;
48 R15 ^= R03;
49
50 R12 = R12.rotl<16>();
51 R13 = R13.rotl<16>();
52 R14 = R14.rotl<16>();
53 R15 = R15.rotl<16>();
54
55 R08 += R12;
56 R09 += R13;
57 R10 += R14;
58 R11 += R15;
59
60 R04 ^= R08;
61 R05 ^= R09;
62 R06 ^= R10;
63 R07 ^= R11;
64
65 R04 = R04.rotl<12>();
66 R05 = R05.rotl<12>();
67 R06 = R06.rotl<12>();
68 R07 = R07.rotl<12>();
69
70 R00 += R04;
71 R01 += R05;
72 R02 += R06;
73 R03 += R07;
74
75 R12 ^= R00;
76 R13 ^= R01;
77 R14 ^= R02;
78 R15 ^= R03;
79
80 R12 = R12.rotl<8>();
81 R13 = R13.rotl<8>();
82 R14 = R14.rotl<8>();
83 R15 = R15.rotl<8>();
84
85 R08 += R12;
86 R09 += R13;
87 R10 += R14;
88 R11 += R15;
89
90 R04 ^= R08;
91 R05 ^= R09;
92 R06 ^= R10;
93 R07 ^= R11;
94
95 R04 = R04.rotl<7>();
96 R05 = R05.rotl<7>();
97 R06 = R06.rotl<7>();
98 R07 = R07.rotl<7>();
99
100 R00 += R05;
101 R01 += R06;
102 R02 += R07;
103 R03 += R04;
104
105 R15 ^= R00;
106 R12 ^= R01;
107 R13 ^= R02;
108 R14 ^= R03;
109
110 R15 = R15.rotl<16>();
111 R12 = R12.rotl<16>();
112 R13 = R13.rotl<16>();
113 R14 = R14.rotl<16>();
114
115 R10 += R15;
116 R11 += R12;
117 R08 += R13;
118 R09 += R14;
119
120 R05 ^= R10;
121 R06 ^= R11;
122 R07 ^= R08;
123 R04 ^= R09;
124
125 R05 = R05.rotl<12>();
126 R06 = R06.rotl<12>();
127 R07 = R07.rotl<12>();
128 R04 = R04.rotl<12>();
129
130 R00 += R05;
131 R01 += R06;
132 R02 += R07;
133 R03 += R04;
134
135 R15 ^= R00;
136 R12 ^= R01;
137 R13 ^= R02;
138 R14 ^= R03;
139
140 R15 = R15.rotl<8>();
141 R12 = R12.rotl<8>();
142 R13 = R13.rotl<8>();
143 R14 = R14.rotl<8>();
144
145 R10 += R15;
146 R11 += R12;
147 R08 += R13;
148 R09 += R14;
149
150 R05 ^= R10;
151 R06 ^= R11;
152 R07 ^= R08;
153 R04 ^= R09;
154
155 R05 = R05.rotl<7>();
156 R06 = R06.rotl<7>();
157 R07 = R07.rotl<7>();
158 R04 = R04.rotl<7>();
159 }
160
161 R00 += SIMD_16x32::splat(state[0]);
162 R01 += SIMD_16x32::splat(state[1]);
163 R02 += SIMD_16x32::splat(state[2]);
164 R03 += SIMD_16x32::splat(state[3]);
165 R04 += SIMD_16x32::splat(state[4]);
166 R05 += SIMD_16x32::splat(state[5]);
167 R06 += SIMD_16x32::splat(state[6]);
168 R07 += SIMD_16x32::splat(state[7]);
169 R08 += SIMD_16x32::splat(state[8]);
170 R09 += SIMD_16x32::splat(state[9]);
171 R10 += SIMD_16x32::splat(state[10]);
172 R11 += SIMD_16x32::splat(state[11]);
173 R12 += SIMD_16x32::splat(state[12]) + CTR0;
174 R13 += SIMD_16x32::splat(state[13]) + CTR1;
175 R14 += SIMD_16x32::splat(state[14]);
176 R15 += SIMD_16x32::splat(state[15]);
177
178 SIMD_16x32::transpose(R00, R01, R02, R03, R04, R05, R06, R07, R08, R09, R10, R11, R12, R13, R14, R15);
179
180 R00.store_le(output);
181 R01.store_le(output + 64 * 1);
182 R02.store_le(output + 64 * 2);
183 R03.store_le(output + 64 * 3);
184 R04.store_le(output + 64 * 4);
185 R05.store_le(output + 64 * 5);
186 R06.store_le(output + 64 * 6);
187 R07.store_le(output + 64 * 7);
188 R08.store_le(output + 64 * 8);
189 R09.store_le(output + 64 * 9);
190 R10.store_le(output + 64 * 10);
191 R11.store_le(output + 64 * 11);
192 R12.store_le(output + 64 * 12);
193 R13.store_le(output + 64 * 13);
194 R14.store_le(output + 64 * 14);
195 R15.store_le(output + 64 * 15);
196
197 SIMD_16x32::zero_registers();
198
199 state[12] += 16;
200 if(state[12] < 16) {
201 state[13]++;
202 }
203}
204} // namespace Botan
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
BOTAN_AVX512_FN
#define BOTAN_AVX512_FN
Definition simd_avx512.h:16
Generated by doxygen 1.12.0