Botan 3.3.0
Crypto and TLS for C&
shacal2_x86.cpp
Go to the documentation of this file.
1/*
2* SHACAL-2 using x86 SHA extensions
3* (C) 2017 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/shacal2.h>
9#include <immintrin.h>
10
11namespace Botan {
12
13/*
14Only encryption is supported since the inverse round function would
15require a different instruction
16*/
17
18BOTAN_FUNC_ISA("sha,ssse3") void SHACAL2::x86_encrypt_blocks(const uint8_t in[], uint8_t out[], size_t blocks) const {
19 const __m128i MASK1 = _mm_set_epi8(8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7);
20 const __m128i MASK2 = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
21
22 const __m128i* RK_mm = reinterpret_cast<const __m128i*>(m_RK.data());
23 const __m128i* in_mm = reinterpret_cast<const __m128i*>(in);
24 __m128i* out_mm = reinterpret_cast<__m128i*>(out);
25
26 while(blocks >= 2) {
27 __m128i B0_0 = _mm_loadu_si128(in_mm);
28 __m128i B0_1 = _mm_loadu_si128(in_mm + 1);
29 __m128i B1_0 = _mm_loadu_si128(in_mm + 2);
30 __m128i B1_1 = _mm_loadu_si128(in_mm + 3);
31
32 __m128i TMP = _mm_shuffle_epi8(_mm_unpacklo_epi64(B0_0, B0_1), MASK2);
33 B0_1 = _mm_shuffle_epi8(_mm_unpackhi_epi64(B0_0, B0_1), MASK2);
34 B0_0 = TMP;
35
36 TMP = _mm_shuffle_epi8(_mm_unpacklo_epi64(B1_0, B1_1), MASK2);
37 B1_1 = _mm_shuffle_epi8(_mm_unpackhi_epi64(B1_0, B1_1), MASK2);
38 B1_0 = TMP;
39
40 for(size_t i = 0; i != 8; ++i) {
41 const __m128i RK0 = _mm_loadu_si128(RK_mm + 2 * i);
42 const __m128i RK2 = _mm_loadu_si128(RK_mm + 2 * i + 1);
43 const __m128i RK1 = _mm_srli_si128(RK0, 8);
44 const __m128i RK3 = _mm_srli_si128(RK2, 8);
45
46 B0_1 = _mm_sha256rnds2_epu32(B0_1, B0_0, RK0);
47 B1_1 = _mm_sha256rnds2_epu32(B1_1, B1_0, RK0);
48
49 B0_0 = _mm_sha256rnds2_epu32(B0_0, B0_1, RK1);
50 B1_0 = _mm_sha256rnds2_epu32(B1_0, B1_1, RK1);
51
52 B0_1 = _mm_sha256rnds2_epu32(B0_1, B0_0, RK2);
53 B1_1 = _mm_sha256rnds2_epu32(B1_1, B1_0, RK2);
54
55 B0_0 = _mm_sha256rnds2_epu32(B0_0, B0_1, RK3);
56 B1_0 = _mm_sha256rnds2_epu32(B1_0, B1_1, RK3);
57 }
58
59 _mm_storeu_si128(out_mm + 0, _mm_shuffle_epi8(_mm_unpackhi_epi64(B0_0, B0_1), MASK1));
60 _mm_storeu_si128(out_mm + 1, _mm_shuffle_epi8(_mm_unpacklo_epi64(B0_0, B0_1), MASK1));
61 _mm_storeu_si128(out_mm + 2, _mm_shuffle_epi8(_mm_unpackhi_epi64(B1_0, B1_1), MASK1));
62 _mm_storeu_si128(out_mm + 3, _mm_shuffle_epi8(_mm_unpacklo_epi64(B1_0, B1_1), MASK1));
63
64 blocks -= 2;
65 in_mm += 4;
66 out_mm += 4;
67 }
68
69 while(blocks) {
70 __m128i B0 = _mm_loadu_si128(in_mm);
71 __m128i B1 = _mm_loadu_si128(in_mm + 1);
72
73 __m128i TMP = _mm_shuffle_epi8(_mm_unpacklo_epi64(B0, B1), MASK2);
74 B1 = _mm_shuffle_epi8(_mm_unpackhi_epi64(B0, B1), MASK2);
75 B0 = TMP;
76
77 for(size_t i = 0; i != 8; ++i) {
78 const __m128i RK0 = _mm_loadu_si128(RK_mm + 2 * i);
79 const __m128i RK2 = _mm_loadu_si128(RK_mm + 2 * i + 1);
80 const __m128i RK1 = _mm_srli_si128(RK0, 8);
81 const __m128i RK3 = _mm_srli_si128(RK2, 8);
82
83 B1 = _mm_sha256rnds2_epu32(B1, B0, RK0);
84 B0 = _mm_sha256rnds2_epu32(B0, B1, RK1);
85 B1 = _mm_sha256rnds2_epu32(B1, B0, RK2);
86 B0 = _mm_sha256rnds2_epu32(B0, B1, RK3);
87 }
88
89 _mm_storeu_si128(out_mm, _mm_shuffle_epi8(_mm_unpackhi_epi64(B0, B1), MASK1));
90 _mm_storeu_si128(out_mm + 1, _mm_shuffle_epi8(_mm_unpacklo_epi64(B0, B1), MASK1));
91
92 blocks--;
93 in_mm += 2;
94 out_mm += 2;
95 }
96}
97
98} // namespace Botan
#define BOTAN_FUNC_ISA(isa)
Definition compiler.h:92