1/*
2* SHACAL-2 using x86 SHA extensions
3* (C) 2017 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/shacal2.h>
9
10#include <botan/internal/isa_extn.h>
11#include <immintrin.h>
12
13namespace Botan {
14
/*
Only encryption is supported: the x86 SHA extensions provide the forward
SHA-256 round function (sha256rnds2) but no inverse of it, so the SHACAL-2
decryption direction cannot be expressed with these instructions and is not
implemented in this file.
*/
19
/*
Encrypt `blocks` consecutive 32-byte SHACAL-2 blocks from `in` to `out`
using the x86 SHA extensions.

A block is the eight big-endian 32-bit words A..H of a SHA-256 state. The 64
scheduled round keys in m_RK take the place of the K[i]+W[i] inputs of
sha256rnds2, which performs two rounds per instruction. Pairs of blocks are
processed interleaved (presumably so the two independent dependency chains
can be scheduled together); a single trailing block is handled on its own.

Notes for callers and reviewers, all visible in the code below:
 - m_RK is read as 16 consecutive 128-bit vectors (64 words) and nothing here
   checks that a key has been scheduled; that is assumed to be enforced by the
   caller (confirm against the generic encrypt_n entry point).
 - All memory access goes through loadu/storeu, so neither in, out nor m_RK
   needs 16-byte alignment.
 - Every group of blocks is loaded completely before any of its output is
   written, so in == out (in-place encryption) is fine; other forms of
   partial overlap are not handled.
 - Control flow and addressing depend only on `blocks`; no branch or memory
   index depends on the key or the data, so this path adds no data-dependent
   timing on top of the SHA-NI instructions themselves.
*/
void BOTAN_FN_ISA_SHANI SHACAL2::x86_encrypt_blocks(const uint8_t in[], uint8_t out[], size_t blocks) const {
   // NOLINTBEGIN(portability-simd-intrinsics) TODO convert to SIMD_4x32 plus SHA-NI helpers

   // pshufb control vectors for moving between the big-endian wire format and
   // the little-endian dword layout that sha256rnds2 works on:
   //  - bswap_halves reverses each 64-bit half independently (used on output)
   //  - bswap_all reverses all 16 bytes (used on input)
   const __m128i bswap_halves = _mm_set_epi8(8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7);
   const __m128i bswap_all = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);

   // Vector views over the round keys and the I/O buffers. Only unaligned
   // loads/stores are issued through these, so alignment is not a concern.
   const __m128i* rk = reinterpret_cast<const __m128i*>(m_RK.data());
   const __m128i* src = reinterpret_cast<const __m128i*>(in);
   __m128i* dst = reinterpret_cast<__m128i*>(out);

   // Main path: two blocks (x and y) per iteration, rounds interleaved.
   for(; blocks >= 2; blocks -= 2, src += 4, dst += 4) {
      const __m128i x_lo = _mm_loadu_si128(src);
      const __m128i x_hi = _mm_loadu_si128(src + 1);
      const __m128i y_lo = _mm_loadu_si128(src + 2);
      const __m128i y_hi = _mm_loadu_si128(src + 3);

      // Rearrange the words A B C D | E F G H into the ABEF and CDGH register
      // pairs expected by sha256rnds2, byte-swapping to native dword order.
      __m128i x_abef = _mm_shuffle_epi8(_mm_unpacklo_epi64(x_lo, x_hi), bswap_all);
      __m128i x_cdgh = _mm_shuffle_epi8(_mm_unpackhi_epi64(x_lo, x_hi), bswap_all);
      __m128i y_abef = _mm_shuffle_epi8(_mm_unpacklo_epi64(y_lo, y_hi), bswap_all);
      __m128i y_cdgh = _mm_shuffle_epi8(_mm_unpackhi_epi64(y_lo, y_hi), bswap_all);

      // 16 key vectors x 4 round keys = 64 rounds. sha256rnds2 consumes the
      // low two dwords of its key operand, so the upper pair is shifted down
      // for the second call. The instruction returns the next ABEF while the
      // previous ABEF serves as the next CDGH, so the two registers alternate
      // roles on every call; the names describe their contents at the start
      // (and therefore the end) of each pair of calls.
      for(size_t r = 0; r != 16; ++r) {
         const __m128i k_lo = _mm_loadu_si128(rk + r);
         const __m128i k_hi = _mm_srli_si128(k_lo, 8);

         x_cdgh = _mm_sha256rnds2_epu32(x_cdgh, x_abef, k_lo);
         y_cdgh = _mm_sha256rnds2_epu32(y_cdgh, y_abef, k_lo);

         x_abef = _mm_sha256rnds2_epu32(x_abef, x_cdgh, k_hi);
         y_abef = _mm_sha256rnds2_epu32(y_abef, y_cdgh, k_hi);
      }

      // Back to big-endian A B C D | E F G H: the high halves of the pair hold
      // A,B and C,D, the low halves hold E,F and G,H.
      _mm_storeu_si128(dst, _mm_shuffle_epi8(_mm_unpackhi_epi64(x_abef, x_cdgh), bswap_halves));
      _mm_storeu_si128(dst + 1, _mm_shuffle_epi8(_mm_unpacklo_epi64(x_abef, x_cdgh), bswap_halves));
      _mm_storeu_si128(dst + 2, _mm_shuffle_epi8(_mm_unpackhi_epi64(y_abef, y_cdgh), bswap_halves));
      _mm_storeu_si128(dst + 3, _mm_shuffle_epi8(_mm_unpacklo_epi64(y_abef, y_cdgh), bswap_halves));
   }

   // After the pairwise loop at most one block can remain.
   if(blocks != 0) {
      const __m128i lo = _mm_loadu_si128(src);
      const __m128i hi = _mm_loadu_si128(src + 1);

      __m128i abef = _mm_shuffle_epi8(_mm_unpacklo_epi64(lo, hi), bswap_all);
      __m128i cdgh = _mm_shuffle_epi8(_mm_unpackhi_epi64(lo, hi), bswap_all);

      // Same 64-round schedule as above, for a single block.
      for(size_t r = 0; r != 16; ++r) {
         const __m128i k_lo = _mm_loadu_si128(rk + r);
         const __m128i k_hi = _mm_srli_si128(k_lo, 8);

         cdgh = _mm_sha256rnds2_epu32(cdgh, abef, k_lo);
         abef = _mm_sha256rnds2_epu32(abef, cdgh, k_hi);
      }

      _mm_storeu_si128(dst, _mm_shuffle_epi8(_mm_unpackhi_epi64(abef, cdgh), bswap_halves));
      _mm_storeu_si128(dst + 1, _mm_shuffle_epi8(_mm_unpacklo_epi64(abef, cdgh), bswap_halves));
   }

   // NOLINTEND(portability-simd-intrinsics)
}
103
104} // namespace Botan