Botan 3.7.1
Crypto and TLS for C&
shacal2_x86.cpp
Go to the documentation of this file.
1/*
2* SHACAL-2 using x86 SHA extensions
3* (C) 2017 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/shacal2.h>
9
10#include <botan/compiler.h>
11#include <immintrin.h>
12
13namespace Botan {
14
15/*
16Only encryption is supported since the inverse round function would
17require a different instruction
18*/
19
20BOTAN_FUNC_ISA("sha,ssse3") void SHACAL2::x86_encrypt_blocks(const uint8_t in[], uint8_t out[], size_t blocks) const {
21 const __m128i MASK1 = _mm_set_epi8(8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7);
22 const __m128i MASK2 = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
23
24 const __m128i* RK_mm = reinterpret_cast<const __m128i*>(m_RK.data());
25 const __m128i* in_mm = reinterpret_cast<const __m128i*>(in);
26 __m128i* out_mm = reinterpret_cast<__m128i*>(out);
27
28 while(blocks >= 2) {
29 __m128i B0_0 = _mm_loadu_si128(in_mm);
30 __m128i B0_1 = _mm_loadu_si128(in_mm + 1);
31 __m128i B1_0 = _mm_loadu_si128(in_mm + 2);
32 __m128i B1_1 = _mm_loadu_si128(in_mm + 3);
33
34 __m128i TMP = _mm_shuffle_epi8(_mm_unpacklo_epi64(B0_0, B0_1), MASK2);
35 B0_1 = _mm_shuffle_epi8(_mm_unpackhi_epi64(B0_0, B0_1), MASK2);
36 B0_0 = TMP;
37
38 TMP = _mm_shuffle_epi8(_mm_unpacklo_epi64(B1_0, B1_1), MASK2);
39 B1_1 = _mm_shuffle_epi8(_mm_unpackhi_epi64(B1_0, B1_1), MASK2);
40 B1_0 = TMP;
41
42 for(size_t i = 0; i != 8; ++i) {
43 const __m128i RK0 = _mm_loadu_si128(RK_mm + 2 * i);
44 const __m128i RK2 = _mm_loadu_si128(RK_mm + 2 * i + 1);
45 const __m128i RK1 = _mm_srli_si128(RK0, 8);
46 const __m128i RK3 = _mm_srli_si128(RK2, 8);
47
48 B0_1 = _mm_sha256rnds2_epu32(B0_1, B0_0, RK0);
49 B1_1 = _mm_sha256rnds2_epu32(B1_1, B1_0, RK0);
50
51 B0_0 = _mm_sha256rnds2_epu32(B0_0, B0_1, RK1);
52 B1_0 = _mm_sha256rnds2_epu32(B1_0, B1_1, RK1);
53
54 B0_1 = _mm_sha256rnds2_epu32(B0_1, B0_0, RK2);
55 B1_1 = _mm_sha256rnds2_epu32(B1_1, B1_0, RK2);
56
57 B0_0 = _mm_sha256rnds2_epu32(B0_0, B0_1, RK3);
58 B1_0 = _mm_sha256rnds2_epu32(B1_0, B1_1, RK3);
59 }
60
61 _mm_storeu_si128(out_mm + 0, _mm_shuffle_epi8(_mm_unpackhi_epi64(B0_0, B0_1), MASK1));
62 _mm_storeu_si128(out_mm + 1, _mm_shuffle_epi8(_mm_unpacklo_epi64(B0_0, B0_1), MASK1));
63 _mm_storeu_si128(out_mm + 2, _mm_shuffle_epi8(_mm_unpackhi_epi64(B1_0, B1_1), MASK1));
64 _mm_storeu_si128(out_mm + 3, _mm_shuffle_epi8(_mm_unpacklo_epi64(B1_0, B1_1), MASK1));
65
66 blocks -= 2;
67 in_mm += 4;
68 out_mm += 4;
69 }
70
71 while(blocks) {
72 __m128i B0 = _mm_loadu_si128(in_mm);
73 __m128i B1 = _mm_loadu_si128(in_mm + 1);
74
75 __m128i TMP = _mm_shuffle_epi8(_mm_unpacklo_epi64(B0, B1), MASK2);
76 B1 = _mm_shuffle_epi8(_mm_unpackhi_epi64(B0, B1), MASK2);
77 B0 = TMP;
78
79 for(size_t i = 0; i != 8; ++i) {
80 const __m128i RK0 = _mm_loadu_si128(RK_mm + 2 * i);
81 const __m128i RK2 = _mm_loadu_si128(RK_mm + 2 * i + 1);
82 const __m128i RK1 = _mm_srli_si128(RK0, 8);
83 const __m128i RK3 = _mm_srli_si128(RK2, 8);
84
85 B1 = _mm_sha256rnds2_epu32(B1, B0, RK0);
86 B0 = _mm_sha256rnds2_epu32(B0, B1, RK1);
87 B1 = _mm_sha256rnds2_epu32(B1, B0, RK2);
88 B0 = _mm_sha256rnds2_epu32(B0, B1, RK3);
89 }
90
91 _mm_storeu_si128(out_mm, _mm_shuffle_epi8(_mm_unpackhi_epi64(B0, B1), MASK1));
92 _mm_storeu_si128(out_mm + 1, _mm_shuffle_epi8(_mm_unpacklo_epi64(B0, B1), MASK1));
93
94 blocks--;
95 in_mm += 2;
96 out_mm += 2;
97 }
98}
99
100} // namespace Botan
#define BOTAN_FUNC_ISA(isa)
Definition compiler.h:42