Botan 3.9.0
Crypto and TLS for C&
serpent_avx2.cpp
Go to the documentation of this file.
1/*
2* (C) 2018 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/internal/serpent.h>
8
9#include <botan/internal/serpent_sbox.h>
10#include <botan/internal/simd_avx2.h>
11
12namespace Botan {
13
14// TODO(Botan4) if minimum GCC is increased we can remove this
15#if defined(__GNUG__) && !defined(__clang__) && (__GNUG__ < 13)
16
17// These macros are redundant with the versions in serpent_sbox.h
18// but unfortunately removing them seems to trigger a bug in GCC
19// when building in amalgamation mode
20
21 #define transform(B0, B1, B2, B3) \
22 do { \
23 B0 = B0.rotl<13>(); \
24 B2 = B2.rotl<3>(); \
25 B1 ^= B0 ^ B2; \
26 B3 ^= B2 ^ B0.shl<3>(); \
27 B1 = B1.rotl<1>(); \
28 B3 = B3.rotl<7>(); \
29 B0 ^= B1 ^ B3; \
30 B2 ^= B3 ^ B1.shl<7>(); \
31 B0 = B0.rotl<5>(); \
32 B2 = B2.rotl<22>(); \
33 } while(0)
34
35 #define i_transform(B0, B1, B2, B3) \
36 do { \
37 B2 = B2.rotr<22>(); \
38 B0 = B0.rotr<5>(); \
39 B2 ^= B3 ^ B1.shl<7>(); \
40 B0 ^= B1 ^ B3; \
41 B3 = B3.rotr<7>(); \
42 B1 = B1.rotr<1>(); \
43 B3 ^= B2 ^ B0.shl<3>(); \
44 B1 ^= B0 ^ B2; \
45 B2 = B2.rotr<3>(); \
46 B0 = B0.rotr<13>(); \
47 } while(0)
48
49#endif
50
51void BOTAN_FN_ISA_AVX2 Serpent::avx2_encrypt_8(const uint8_t in[128], uint8_t out[128]) const {
52 using namespace Botan::Serpent_F;
53
54 SIMD_8x32::reset_registers();
55
56 SIMD_8x32 B0 = SIMD_8x32::load_le(in);
57 SIMD_8x32 B1 = SIMD_8x32::load_le(in + 32);
58 SIMD_8x32 B2 = SIMD_8x32::load_le(in + 64);
59 SIMD_8x32 B3 = SIMD_8x32::load_le(in + 96);
60
61 SIMD_8x32::transpose(B0, B1, B2, B3);
62
63 const Key_Inserter key_xor(m_round_key.data());
64
65 key_xor(0, B0, B1, B2, B3);
66 SBoxE0(B0, B1, B2, B3);
67 transform(B0, B1, B2, B3);
68 key_xor(1, B0, B1, B2, B3);
69 SBoxE1(B0, B1, B2, B3);
70 transform(B0, B1, B2, B3);
71 key_xor(2, B0, B1, B2, B3);
72 SBoxE2(B0, B1, B2, B3);
73 transform(B0, B1, B2, B3);
74 key_xor(3, B0, B1, B2, B3);
75 SBoxE3(B0, B1, B2, B3);
76 transform(B0, B1, B2, B3);
77 key_xor(4, B0, B1, B2, B3);
78 SBoxE4(B0, B1, B2, B3);
79 transform(B0, B1, B2, B3);
80 key_xor(5, B0, B1, B2, B3);
81 SBoxE5(B0, B1, B2, B3);
82 transform(B0, B1, B2, B3);
83 key_xor(6, B0, B1, B2, B3);
84 SBoxE6(B0, B1, B2, B3);
85 transform(B0, B1, B2, B3);
86 key_xor(7, B0, B1, B2, B3);
87 SBoxE7(B0, B1, B2, B3);
88 transform(B0, B1, B2, B3);
89
90 key_xor(8, B0, B1, B2, B3);
91 SBoxE0(B0, B1, B2, B3);
92 transform(B0, B1, B2, B3);
93 key_xor(9, B0, B1, B2, B3);
94 SBoxE1(B0, B1, B2, B3);
95 transform(B0, B1, B2, B3);
96 key_xor(10, B0, B1, B2, B3);
97 SBoxE2(B0, B1, B2, B3);
98 transform(B0, B1, B2, B3);
99 key_xor(11, B0, B1, B2, B3);
100 SBoxE3(B0, B1, B2, B3);
101 transform(B0, B1, B2, B3);
102 key_xor(12, B0, B1, B2, B3);
103 SBoxE4(B0, B1, B2, B3);
104 transform(B0, B1, B2, B3);
105 key_xor(13, B0, B1, B2, B3);
106 SBoxE5(B0, B1, B2, B3);
107 transform(B0, B1, B2, B3);
108 key_xor(14, B0, B1, B2, B3);
109 SBoxE6(B0, B1, B2, B3);
110 transform(B0, B1, B2, B3);
111 key_xor(15, B0, B1, B2, B3);
112 SBoxE7(B0, B1, B2, B3);
113 transform(B0, B1, B2, B3);
114
115 key_xor(16, B0, B1, B2, B3);
116 SBoxE0(B0, B1, B2, B3);
117 transform(B0, B1, B2, B3);
118 key_xor(17, B0, B1, B2, B3);
119 SBoxE1(B0, B1, B2, B3);
120 transform(B0, B1, B2, B3);
121 key_xor(18, B0, B1, B2, B3);
122 SBoxE2(B0, B1, B2, B3);
123 transform(B0, B1, B2, B3);
124 key_xor(19, B0, B1, B2, B3);
125 SBoxE3(B0, B1, B2, B3);
126 transform(B0, B1, B2, B3);
127 key_xor(20, B0, B1, B2, B3);
128 SBoxE4(B0, B1, B2, B3);
129 transform(B0, B1, B2, B3);
130 key_xor(21, B0, B1, B2, B3);
131 SBoxE5(B0, B1, B2, B3);
132 transform(B0, B1, B2, B3);
133 key_xor(22, B0, B1, B2, B3);
134 SBoxE6(B0, B1, B2, B3);
135 transform(B0, B1, B2, B3);
136 key_xor(23, B0, B1, B2, B3);
137 SBoxE7(B0, B1, B2, B3);
138 transform(B0, B1, B2, B3);
139
140 key_xor(24, B0, B1, B2, B3);
141 SBoxE0(B0, B1, B2, B3);
142 transform(B0, B1, B2, B3);
143 key_xor(25, B0, B1, B2, B3);
144 SBoxE1(B0, B1, B2, B3);
145 transform(B0, B1, B2, B3);
146 key_xor(26, B0, B1, B2, B3);
147 SBoxE2(B0, B1, B2, B3);
148 transform(B0, B1, B2, B3);
149 key_xor(27, B0, B1, B2, B3);
150 SBoxE3(B0, B1, B2, B3);
151 transform(B0, B1, B2, B3);
152 key_xor(28, B0, B1, B2, B3);
153 SBoxE4(B0, B1, B2, B3);
154 transform(B0, B1, B2, B3);
155 key_xor(29, B0, B1, B2, B3);
156 SBoxE5(B0, B1, B2, B3);
157 transform(B0, B1, B2, B3);
158 key_xor(30, B0, B1, B2, B3);
159 SBoxE6(B0, B1, B2, B3);
160 transform(B0, B1, B2, B3);
161 key_xor(31, B0, B1, B2, B3);
162 SBoxE7(B0, B1, B2, B3);
163 key_xor(32, B0, B1, B2, B3);
164
165 SIMD_8x32::transpose(B0, B1, B2, B3);
166 B0.store_le(out);
167 B1.store_le(out + 32);
168 B2.store_le(out + 64);
169 B3.store_le(out + 96);
170
171 SIMD_8x32::zero_registers();
172}
173
174void BOTAN_FN_ISA_AVX2 Serpent::avx2_decrypt_8(const uint8_t in[128], uint8_t out[128]) const {
175 using namespace Botan::Serpent_F;
176
177 SIMD_8x32::reset_registers();
178
179 SIMD_8x32 B0 = SIMD_8x32::load_le(in);
180 SIMD_8x32 B1 = SIMD_8x32::load_le(in + 32);
181 SIMD_8x32 B2 = SIMD_8x32::load_le(in + 64);
182 SIMD_8x32 B3 = SIMD_8x32::load_le(in + 96);
183
184 SIMD_8x32::transpose(B0, B1, B2, B3);
185
186 const Key_Inserter key_xor(m_round_key.data());
187
188 key_xor(32, B0, B1, B2, B3);
189 SBoxD7(B0, B1, B2, B3);
190 key_xor(31, B0, B1, B2, B3);
191 i_transform(B0, B1, B2, B3);
192 SBoxD6(B0, B1, B2, B3);
193 key_xor(30, B0, B1, B2, B3);
194 i_transform(B0, B1, B2, B3);
195 SBoxD5(B0, B1, B2, B3);
196 key_xor(29, B0, B1, B2, B3);
197 i_transform(B0, B1, B2, B3);
198 SBoxD4(B0, B1, B2, B3);
199 key_xor(28, B0, B1, B2, B3);
200 i_transform(B0, B1, B2, B3);
201 SBoxD3(B0, B1, B2, B3);
202 key_xor(27, B0, B1, B2, B3);
203 i_transform(B0, B1, B2, B3);
204 SBoxD2(B0, B1, B2, B3);
205 key_xor(26, B0, B1, B2, B3);
206 i_transform(B0, B1, B2, B3);
207 SBoxD1(B0, B1, B2, B3);
208 key_xor(25, B0, B1, B2, B3);
209 i_transform(B0, B1, B2, B3);
210 SBoxD0(B0, B1, B2, B3);
211 key_xor(24, B0, B1, B2, B3);
212
213 i_transform(B0, B1, B2, B3);
214 SBoxD7(B0, B1, B2, B3);
215 key_xor(23, B0, B1, B2, B3);
216 i_transform(B0, B1, B2, B3);
217 SBoxD6(B0, B1, B2, B3);
218 key_xor(22, B0, B1, B2, B3);
219 i_transform(B0, B1, B2, B3);
220 SBoxD5(B0, B1, B2, B3);
221 key_xor(21, B0, B1, B2, B3);
222 i_transform(B0, B1, B2, B3);
223 SBoxD4(B0, B1, B2, B3);
224 key_xor(20, B0, B1, B2, B3);
225 i_transform(B0, B1, B2, B3);
226 SBoxD3(B0, B1, B2, B3);
227 key_xor(19, B0, B1, B2, B3);
228 i_transform(B0, B1, B2, B3);
229 SBoxD2(B0, B1, B2, B3);
230 key_xor(18, B0, B1, B2, B3);
231 i_transform(B0, B1, B2, B3);
232 SBoxD1(B0, B1, B2, B3);
233 key_xor(17, B0, B1, B2, B3);
234 i_transform(B0, B1, B2, B3);
235 SBoxD0(B0, B1, B2, B3);
236 key_xor(16, B0, B1, B2, B3);
237
238 i_transform(B0, B1, B2, B3);
239 SBoxD7(B0, B1, B2, B3);
240 key_xor(15, B0, B1, B2, B3);
241 i_transform(B0, B1, B2, B3);
242 SBoxD6(B0, B1, B2, B3);
243 key_xor(14, B0, B1, B2, B3);
244 i_transform(B0, B1, B2, B3);
245 SBoxD5(B0, B1, B2, B3);
246 key_xor(13, B0, B1, B2, B3);
247 i_transform(B0, B1, B2, B3);
248 SBoxD4(B0, B1, B2, B3);
249 key_xor(12, B0, B1, B2, B3);
250 i_transform(B0, B1, B2, B3);
251 SBoxD3(B0, B1, B2, B3);
252 key_xor(11, B0, B1, B2, B3);
253 i_transform(B0, B1, B2, B3);
254 SBoxD2(B0, B1, B2, B3);
255 key_xor(10, B0, B1, B2, B3);
256 i_transform(B0, B1, B2, B3);
257 SBoxD1(B0, B1, B2, B3);
258 key_xor(9, B0, B1, B2, B3);
259 i_transform(B0, B1, B2, B3);
260 SBoxD0(B0, B1, B2, B3);
261 key_xor(8, B0, B1, B2, B3);
262
263 i_transform(B0, B1, B2, B3);
264 SBoxD7(B0, B1, B2, B3);
265 key_xor(7, B0, B1, B2, B3);
266 i_transform(B0, B1, B2, B3);
267 SBoxD6(B0, B1, B2, B3);
268 key_xor(6, B0, B1, B2, B3);
269 i_transform(B0, B1, B2, B3);
270 SBoxD5(B0, B1, B2, B3);
271 key_xor(5, B0, B1, B2, B3);
272 i_transform(B0, B1, B2, B3);
273 SBoxD4(B0, B1, B2, B3);
274 key_xor(4, B0, B1, B2, B3);
275 i_transform(B0, B1, B2, B3);
276 SBoxD3(B0, B1, B2, B3);
277 key_xor(3, B0, B1, B2, B3);
278 i_transform(B0, B1, B2, B3);
279 SBoxD2(B0, B1, B2, B3);
280 key_xor(2, B0, B1, B2, B3);
281 i_transform(B0, B1, B2, B3);
282 SBoxD1(B0, B1, B2, B3);
283 key_xor(1, B0, B1, B2, B3);
284 i_transform(B0, B1, B2, B3);
285 SBoxD0(B0, B1, B2, B3);
286 key_xor(0, B0, B1, B2, B3);
287
288 SIMD_8x32::transpose(B0, B1, B2, B3);
289
290 B0.store_le(out);
291 B1.store_le(out + 32);
292 B2.store_le(out + 64);
293 B3.store_le(out + 96);
294
295 SIMD_8x32::zero_registers();
296}
297
298#undef transform
299#undef i_transform
300
301} // namespace Botan
Botan::SIMD_8x32::reset_registers
static BOTAN_FN_ISA_AVX2 void reset_registers() noexcept
Definition simd_avx2.h:317
Botan::SIMD_8x32::load_le
static BOTAN_FN_ISA_AVX2 SIMD_8x32 load_le(const uint8_t *in) noexcept
Definition simd_avx2.h:61
Botan::SIMD_8x32::transpose
static BOTAN_FN_ISA_AVX2 void transpose(SIMD_8x32 &B0, SIMD_8x32 &B1, SIMD_8x32 &B2, SIMD_8x32 &B3) noexcept
Definition simd_avx2.h:264
Botan::SIMD_8x32::zero_registers
static BOTAN_FN_ISA_AVX2 void zero_registers() noexcept
Definition simd_avx2.h:320
Botan::SIMD_8x32::store_le
BOTAN_FN_ISA_AVX2 void store_le(uint8_t out[]) const noexcept
Definition simd_avx2.h:84
Botan::Serpent_F::transform
BOTAN_FORCE_INLINE void transform(T &B0, T &B1, T &B2, T &B3)
Definition serpent_fn.h:35
Botan::Serpent_F::SBoxD5
BOTAN_FORCE_INLINE void SBoxD5(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:354
Botan::Serpent_F::SBoxD4
BOTAN_FORCE_INLINE void SBoxD4(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:328
Botan::Serpent_F::SBoxE0
BOTAN_FORCE_INLINE void SBoxE0(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:19
Botan::Serpent_F::SBoxE1
BOTAN_FORCE_INLINE void SBoxE1(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:44
Botan::Serpent_F::SBoxE3
BOTAN_FORCE_INLINE void SBoxE3(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:93
Botan::Serpent_F::SBoxD0
BOTAN_FORCE_INLINE void SBoxD0(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:224
Botan::Serpent_F::SBoxE5
BOTAN_FORCE_INLINE void SBoxE5(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:146
Botan::Serpent_F::SBoxD6
BOTAN_FORCE_INLINE void SBoxD6(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:382
Botan::Serpent_F::SBoxD3
BOTAN_FORCE_INLINE void SBoxD3(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:302
Botan::Serpent_F::i_transform
BOTAN_FORCE_INLINE void i_transform(T &B0, T &B1, T &B2, T &B3)
Definition serpent_fn.h:52
Botan::Serpent_F::SBoxD2
BOTAN_FORCE_INLINE void SBoxD2(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:277
Botan::Serpent_F::SBoxE6
BOTAN_FORCE_INLINE void SBoxE6(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:173
Botan::Serpent_F::SBoxE2
BOTAN_FORCE_INLINE void SBoxE2(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:70
Botan::Serpent_F::SBoxE4
BOTAN_FORCE_INLINE void SBoxE4(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:119
Botan::Serpent_F::SBoxD1
BOTAN_FORCE_INLINE void SBoxD1(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:249
Botan::Serpent_F::SBoxE7
BOTAN_FORCE_INLINE void SBoxE7(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:196
Botan::Serpent_F::SBoxD7
BOTAN_FORCE_INLINE void SBoxD7(T &a, T &b, T &c, T &d)
Definition serpent_sbox.h:406
Generated by doxygen 1.14.0