Botan 3.11.0
Crypto and TLS for C&
sm3_avx2_bmi2.cpp
Go to the documentation of this file.
1/*
2* (C) 2025 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/internal/sm3.h>
8
9#include <botan/internal/isa_extn.h>
10#include <botan/internal/simd_4x32.h>
11#include <botan/internal/simd_avx2.h>
12#include <botan/internal/sm3_fn.h>
13
14namespace Botan {
15
16namespace {
17
18BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_8x32 alignr12(const SIMD_8x32& a, const SIMD_8x32& b) {
19 return SIMD_8x32(_mm256_alignr_epi8(a.raw(), b.raw(), 12));
20}
21
22BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_4x32 alignr12(const SIMD_4x32& a, const SIMD_4x32& b) {
23 return SIMD_4x32(_mm_alignr_epi8(a.raw(), b.raw(), 12));
24}
25
26template <typename SIMD_T>
27BOTAN_FN_ISA_AVX2_BMI2 inline void next_SM3_W(SIMD_T& W0, const SIMD_T& W1, const SIMD_T& W2, const SIMD_T& W3) {
28 auto X3 = alignr12(W1, W0); // W[3..6]
29 auto X7 = alignr12(W2, W1); // W[7..10]
30 auto X10 = SIMD_T::alignr8(W3, W2); // W[10..13]
31 auto X13 = W3.template shift_elems_right<1>(); // W[13..15] || 0
32
33 auto P1_I = W0 ^ X7 ^ X13.template rotl<15>();
34 auto P1_O = P1_I ^ P1_I.template rotl<15>() ^ P1_I.template rotl<23>();
35 auto T = P1_O ^ X3.template rotl<7>() ^ X10;
36
37 /*
38 * There is one hole in the recurrence, we now must compute P1(rotl<15>(W[0]))
39 * and xor it into W[3]
40 */
41
42 // Extract W[0] into T2 in position 3
43 auto T2 = T.template shift_elems_left<3>();
44
45 // Compute P1(rotl<15>(W[0])) [combining the rotation values]
46 auto P1_T2 = T2.template rotl<15>() ^ T2.template rotl<30>() ^ T2.template rotl<6>();
47
48 // XOR in
49 T ^= P1_T2;
50
51 W0 = T;
52}
53
54} // namespace
55
56BOTAN_FN_ISA_AVX2_BMI2 void SM3::compress_digest_x86_avx2(digest_type& digest,
57 std::span<const uint8_t> input,
58 size_t blocks) {
59 uint32_t A = digest[0];
60 uint32_t B = digest[1];
61 uint32_t C = digest[2];
62 uint32_t D = digest[3];
63 uint32_t E = digest[4];
64 uint32_t F = digest[5];
65 uint32_t G = digest[6];
66 uint32_t H = digest[7];
67 std::array<uint32_t, 16> W{};
68 std::array<uint32_t, 68> E2{};
69
70 const uint8_t* data = input.data();
71
72 // NOLINTBEGIN(*-container-data-pointer)
73
74 while(blocks >= 2) {
75 auto W0 = SIMD_8x32::load_be128(&data[0], &data[64]);
76 auto W1 = SIMD_8x32::load_be128(&data[16], &data[80]);
77 auto W2 = SIMD_8x32::load_be128(&data[32], &data[96]);
78 auto W3 = SIMD_8x32::load_be128(&data[48], &data[112]);
79
80 W0.store_le128(&W[0], &E2[0]);
81 W1.store_le128(&W[4], &E2[4]);
82 W2.store_le128(&W[8], &E2[8]);
83 W3.store_le128(&W[12], &E2[12]);
84
85 data += 2 * block_bytes;
86 blocks -= 2;
87
88 // clang-format off
89
90 R1(A, B, C, D, E, F, G, H, 0x79CC4519, W[ 0], W[ 4]);
91 R1(D, A, B, C, H, E, F, G, 0xF3988A32, W[ 1], W[ 5]);
92 R1(C, D, A, B, G, H, E, F, 0xE7311465, W[ 2], W[ 6]);
93 R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W[ 3], W[ 7]);
94 next_SM3_W(W0, W1, W2, W3);
95 W0.store_le128(&W[0], &E2[16]);
96
97 R1(A, B, C, D, E, F, G, H, 0x9CC45197, W[ 4], W[ 8]);
98 R1(D, A, B, C, H, E, F, G, 0x3988A32F, W[ 5], W[ 9]);
99 R1(C, D, A, B, G, H, E, F, 0x7311465E, W[ 6], W[10]);
100 R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W[ 7], W[11]);
101 next_SM3_W(W1, W2, W3, W0);
102 W1.store_le128(&W[4], &E2[20]);
103
104 R1(A, B, C, D, E, F, G, H, 0xCC451979, W[ 8], W[12]);
105 R1(D, A, B, C, H, E, F, G, 0x988A32F3, W[ 9], W[13]);
106 R1(C, D, A, B, G, H, E, F, 0x311465E7, W[10], W[14]);
107 R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W[11], W[15]);
108 next_SM3_W(W2, W3, W0, W1);
109 W2.store_le128(&W[8], &E2[24]);
110
111 R1(A, B, C, D, E, F, G, H, 0xC451979C, W[12], W[ 0]);
112 R1(D, A, B, C, H, E, F, G, 0x88A32F39, W[13], W[ 1]);
113 R1(C, D, A, B, G, H, E, F, 0x11465E73, W[14], W[ 2]);
114 R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W[15], W[ 3]);
115 next_SM3_W(W3, W0, W1, W2);
116 W3.store_le128(&W[12], &E2[28]);
117
118 R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W[ 0], W[ 4]);
119 R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W[ 1], W[ 5]);
120 R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W[ 2], W[ 6]);
121 R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W[ 3], W[ 7]);
122 next_SM3_W(W0, W1, W2, W3);
123 W0.store_le128(&W[0], &E2[32]);
124
125 R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W[ 4], W[ 8]);
126 R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W[ 5], W[ 9]);
127 R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W[ 6], W[10]);
128 R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W[ 7], W[11]);
129 next_SM3_W(W1, W2, W3, W0);
130 W1.store_le128(&W[4], &E2[36]);
131
132 R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W[ 8], W[12]);
133 R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W[ 9], W[13]);
134 R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W[10], W[14]);
135 R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W[11], W[15]);
136 next_SM3_W(W2, W3, W0, W1);
137 W2.store_le128(&W[8], &E2[40]);
138
139 R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W[12], W[ 0]);
140 R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W[13], W[ 1]);
141 R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W[14], W[ 2]);
142 R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W[15], W[ 3]);
143 next_SM3_W(W3, W0, W1, W2);
144 W3.store_le128(&W[12], &E2[44]);
145
146 R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W[ 0], W[ 4]);
147 R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W[ 1], W[ 5]);
148 R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W[ 2], W[ 6]);
149 R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W[ 3], W[ 7]);
150 next_SM3_W(W0, W1, W2, W3);
151 W0.store_le128(&W[0], &E2[48]);
152
153 R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W[ 4], W[ 8]);
154 R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W[ 5], W[ 9]);
155 R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W[ 6], W[10]);
156 R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W[ 7], W[11]);
157 next_SM3_W(W1, W2, W3, W0);
158 W1.store_le128(&W[4], &E2[52]);
159
160 R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W[ 8], W[12]);
161 R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W[ 9], W[13]);
162 R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W[10], W[14]);
163 R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W[11], W[15]);
164 next_SM3_W(W2, W3, W0, W1);
165 W2.store_le128(&W[8], &E2[56]);
166
167 R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W[12], W[ 0]);
168 R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W[13], W[ 1]);
169 R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W[14], W[ 2]);
170 R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W[15], W[ 3]);
171 next_SM3_W(W3, W0, W1, W2);
172 W3.store_le128(&W[12], &E2[60]);
173
174 R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W[ 0], W[ 4]);
175 R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W[ 1], W[ 5]);
176 R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W[ 2], W[ 6]);
177 R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W[ 3], W[ 7]);
178 next_SM3_W(W0, W1, W2, W3);
179 W0.store_le128(&W[0], &E2[64]);
180
181 R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W[ 4], W[ 8]);
182 R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W[ 5], W[ 9]);
183 R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W[ 6], W[10]);
184 R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W[ 7], W[11]);
185
186 R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W[ 8], W[12]);
187 R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W[ 9], W[13]);
188 R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W[10], W[14]);
189 R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W[11], W[15]);
190
191 R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W[12], W[ 0]);
192 R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W[13], W[ 1]);
193 R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W[14], W[ 2]);
194 R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W[15], W[ 3]);
195
196 // clang-format on
197
198 A = (digest[0] ^= A);
199 B = (digest[1] ^= B);
200 C = (digest[2] ^= C);
201 D = (digest[3] ^= D);
202 E = (digest[4] ^= E);
203 F = (digest[5] ^= F);
204 G = (digest[6] ^= G);
205 H = (digest[7] ^= H);
206
207 // clang-format off
208 R1(A, B, C, D, E, F, G, H, 0x79CC4519, E2[0], E2[4]);
209 R1(D, A, B, C, H, E, F, G, 0xF3988A32, E2[1], E2[5]);
210 R1(C, D, A, B, G, H, E, F, 0xE7311465, E2[2], E2[6]);
211 R1(B, C, D, A, F, G, H, E, 0xCE6228CB, E2[3], E2[7]);
212 R1(A, B, C, D, E, F, G, H, 0x9CC45197, E2[4], E2[8]);
213 R1(D, A, B, C, H, E, F, G, 0x3988A32F, E2[5], E2[9]);
214 R1(C, D, A, B, G, H, E, F, 0x7311465E, E2[6], E2[10]);
215 R1(B, C, D, A, F, G, H, E, 0xE6228CBC, E2[7], E2[11]);
216 R1(A, B, C, D, E, F, G, H, 0xCC451979, E2[8], E2[12]);
217 R1(D, A, B, C, H, E, F, G, 0x988A32F3, E2[9], E2[13]);
218 R1(C, D, A, B, G, H, E, F, 0x311465E7, E2[10], E2[14]);
219 R1(B, C, D, A, F, G, H, E, 0x6228CBCE, E2[11], E2[15]);
220 R1(A, B, C, D, E, F, G, H, 0xC451979C, E2[12], E2[16]);
221 R1(D, A, B, C, H, E, F, G, 0x88A32F39, E2[13], E2[17]);
222 R1(C, D, A, B, G, H, E, F, 0x11465E73, E2[14], E2[18]);
223 R1(B, C, D, A, F, G, H, E, 0x228CBCE6, E2[15], E2[19]);
224 R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, E2[16], E2[20]);
225 R2(D, A, B, C, H, E, F, G, 0x3B14F50F, E2[17], E2[21]);
226 R2(C, D, A, B, G, H, E, F, 0x7629EA1E, E2[18], E2[22]);
227 R2(B, C, D, A, F, G, H, E, 0xEC53D43C, E2[19], E2[23]);
228 R2(A, B, C, D, E, F, G, H, 0xD8A7A879, E2[20], E2[24]);
229 R2(D, A, B, C, H, E, F, G, 0xB14F50F3, E2[21], E2[25]);
230 R2(C, D, A, B, G, H, E, F, 0x629EA1E7, E2[22], E2[26]);
231 R2(B, C, D, A, F, G, H, E, 0xC53D43CE, E2[23], E2[27]);
232 R2(A, B, C, D, E, F, G, H, 0x8A7A879D, E2[24], E2[28]);
233 R2(D, A, B, C, H, E, F, G, 0x14F50F3B, E2[25], E2[29]);
234 R2(C, D, A, B, G, H, E, F, 0x29EA1E76, E2[26], E2[30]);
235 R2(B, C, D, A, F, G, H, E, 0x53D43CEC, E2[27], E2[31]);
236 R2(A, B, C, D, E, F, G, H, 0xA7A879D8, E2[28], E2[32]);
237 R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, E2[29], E2[33]);
238 R2(C, D, A, B, G, H, E, F, 0x9EA1E762, E2[30], E2[34]);
239 R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, E2[31], E2[35]);
240 R2(A, B, C, D, E, F, G, H, 0x7A879D8A, E2[32], E2[36]);
241 R2(D, A, B, C, H, E, F, G, 0xF50F3B14, E2[33], E2[37]);
242 R2(C, D, A, B, G, H, E, F, 0xEA1E7629, E2[34], E2[38]);
243 R2(B, C, D, A, F, G, H, E, 0xD43CEC53, E2[35], E2[39]);
244 R2(A, B, C, D, E, F, G, H, 0xA879D8A7, E2[36], E2[40]);
245 R2(D, A, B, C, H, E, F, G, 0x50F3B14F, E2[37], E2[41]);
246 R2(C, D, A, B, G, H, E, F, 0xA1E7629E, E2[38], E2[42]);
247 R2(B, C, D, A, F, G, H, E, 0x43CEC53D, E2[39], E2[43]);
248 R2(A, B, C, D, E, F, G, H, 0x879D8A7A, E2[40], E2[44]);
249 R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, E2[41], E2[45]);
250 R2(C, D, A, B, G, H, E, F, 0x1E7629EA, E2[42], E2[46]);
251 R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, E2[43], E2[47]);
252 R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, E2[44], E2[48]);
253 R2(D, A, B, C, H, E, F, G, 0xF3B14F50, E2[45], E2[49]);
254 R2(C, D, A, B, G, H, E, F, 0xE7629EA1, E2[46], E2[50]);
255 R2(B, C, D, A, F, G, H, E, 0xCEC53D43, E2[47], E2[51]);
256 R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, E2[48], E2[52]);
257 R2(D, A, B, C, H, E, F, G, 0x3B14F50F, E2[49], E2[53]);
258 R2(C, D, A, B, G, H, E, F, 0x7629EA1E, E2[50], E2[54]);
259 R2(B, C, D, A, F, G, H, E, 0xEC53D43C, E2[51], E2[55]);
260 R2(A, B, C, D, E, F, G, H, 0xD8A7A879, E2[52], E2[56]);
261 R2(D, A, B, C, H, E, F, G, 0xB14F50F3, E2[53], E2[57]);
262 R2(C, D, A, B, G, H, E, F, 0x629EA1E7, E2[54], E2[58]);
263 R2(B, C, D, A, F, G, H, E, 0xC53D43CE, E2[55], E2[59]);
264 R2(A, B, C, D, E, F, G, H, 0x8A7A879D, E2[56], E2[60]);
265 R2(D, A, B, C, H, E, F, G, 0x14F50F3B, E2[57], E2[61]);
266 R2(C, D, A, B, G, H, E, F, 0x29EA1E76, E2[58], E2[62]);
267 R2(B, C, D, A, F, G, H, E, 0x53D43CEC, E2[59], E2[63]);
268 R2(A, B, C, D, E, F, G, H, 0xA7A879D8, E2[60], E2[64]);
269 R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, E2[61], E2[65]);
270 R2(C, D, A, B, G, H, E, F, 0x9EA1E762, E2[62], E2[66]);
271 R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, E2[63], E2[67]);
272
273 // clang-format on
274
275 A = (digest[0] ^= A);
276 B = (digest[1] ^= B);
277 C = (digest[2] ^= C);
278 D = (digest[3] ^= D);
279 E = (digest[4] ^= E);
280 F = (digest[5] ^= F);
281 G = (digest[6] ^= G);
282 H = (digest[7] ^= H);
283 }
284
285 while(blocks > 0) {
286 SIMD_4x32 W0 = SIMD_4x32::load_be(&data[0]);
287 SIMD_4x32 W1 = SIMD_4x32::load_be(&data[16]);
288 SIMD_4x32 W2 = SIMD_4x32::load_be(&data[32]);
289 SIMD_4x32 W3 = SIMD_4x32::load_be(&data[48]);
290
291 W0.store_le(&W[0]);
292 W1.store_le(&W[4]);
293 W2.store_le(&W[8]);
294 W3.store_le(&W[12]);
295
296 data += block_bytes;
297 blocks -= 1;
298
299 // clang-format off
300
301 R1(A, B, C, D, E, F, G, H, 0x79CC4519, W[ 0], W[ 4]);
302 R1(D, A, B, C, H, E, F, G, 0xF3988A32, W[ 1], W[ 5]);
303 R1(C, D, A, B, G, H, E, F, 0xE7311465, W[ 2], W[ 6]);
304 R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W[ 3], W[ 7]);
305 next_SM3_W(W0, W1, W2, W3);
306 W0.store_le(&W[0]);
307
308 R1(A, B, C, D, E, F, G, H, 0x9CC45197, W[ 4], W[ 8]);
309 R1(D, A, B, C, H, E, F, G, 0x3988A32F, W[ 5], W[ 9]);
310 R1(C, D, A, B, G, H, E, F, 0x7311465E, W[ 6], W[10]);
311 R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W[ 7], W[11]);
312 next_SM3_W(W1, W2, W3, W0);
313 W1.store_le(&W[4]);
314
315 R1(A, B, C, D, E, F, G, H, 0xCC451979, W[ 8], W[12]);
316 R1(D, A, B, C, H, E, F, G, 0x988A32F3, W[ 9], W[13]);
317 R1(C, D, A, B, G, H, E, F, 0x311465E7, W[10], W[14]);
318 R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W[11], W[15]);
319 next_SM3_W(W2, W3, W0, W1);
320 W2.store_le(&W[8]);
321
322 R1(A, B, C, D, E, F, G, H, 0xC451979C, W[12], W[ 0]);
323 R1(D, A, B, C, H, E, F, G, 0x88A32F39, W[13], W[ 1]);
324 R1(C, D, A, B, G, H, E, F, 0x11465E73, W[14], W[ 2]);
325 R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W[15], W[ 3]);
326 next_SM3_W(W3, W0, W1, W2);
327 W3.store_le(&W[12]);
328
329 R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W[ 0], W[ 4]);
330 R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W[ 1], W[ 5]);
331 R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W[ 2], W[ 6]);
332 R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W[ 3], W[ 7]);
333 next_SM3_W(W0, W1, W2, W3);
334 W0.store_le(&W[0]);
335
336 R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W[ 4], W[ 8]);
337 R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W[ 5], W[ 9]);
338 R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W[ 6], W[10]);
339 R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W[ 7], W[11]);
340 next_SM3_W(W1, W2, W3, W0);
341 W1.store_le(&W[4]);
342
343 R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W[ 8], W[12]);
344 R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W[ 9], W[13]);
345 R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W[10], W[14]);
346 R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W[11], W[15]);
347 next_SM3_W(W2, W3, W0, W1);
348 W2.store_le(&W[8]);
349
350 R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W[12], W[ 0]);
351 R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W[13], W[ 1]);
352 R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W[14], W[ 2]);
353 R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W[15], W[ 3]);
354 next_SM3_W(W3, W0, W1, W2);
355 W3.store_le(&W[12]);
356
357 R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W[ 0], W[ 4]);
358 R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W[ 1], W[ 5]);
359 R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W[ 2], W[ 6]);
360 R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W[ 3], W[ 7]);
361 next_SM3_W(W0, W1, W2, W3);
362 W0.store_le(&W[0]);
363
364 R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W[ 4], W[ 8]);
365 R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W[ 5], W[ 9]);
366 R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W[ 6], W[10]);
367 R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W[ 7], W[11]);
368 next_SM3_W(W1, W2, W3, W0);
369 W1.store_le(&W[4]);
370
371 R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W[ 8], W[12]);
372 R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W[ 9], W[13]);
373 R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W[10], W[14]);
374 R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W[11], W[15]);
375 next_SM3_W(W2, W3, W0, W1);
376 W2.store_le(&W[8]);
377
378 R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W[12], W[ 0]);
379 R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W[13], W[ 1]);
380 R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W[14], W[ 2]);
381 R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W[15], W[ 3]);
382 next_SM3_W(W3, W0, W1, W2);
383 W3.store_le(&W[12]);
384
385 R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W[ 0], W[ 4]);
386 R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W[ 1], W[ 5]);
387 R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W[ 2], W[ 6]);
388 R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W[ 3], W[ 7]);
389 next_SM3_W(W0, W1, W2, W3);
390 W0.store_le(&W[0]);
391
392 R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W[ 4], W[ 8]);
393 R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W[ 5], W[ 9]);
394 R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W[ 6], W[10]);
395 R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W[ 7], W[11]);
396
397 R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W[ 8], W[12]);
398 R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W[ 9], W[13]);
399 R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W[10], W[14]);
400 R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W[11], W[15]);
401
402 R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W[12], W[ 0]);
403 R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W[13], W[ 1]);
404 R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W[14], W[ 2]);
405 R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W[15], W[ 3]);
406
407 // clang-format on
408
409 A = (digest[0] ^= A);
410 B = (digest[1] ^= B);
411 C = (digest[2] ^= C);
412 D = (digest[3] ^= D);
413 E = (digest[4] ^= E);
414 F = (digest[5] ^= F);
415 G = (digest[6] ^= G);
416 H = (digest[7] ^= H);
417 }
418
419 // NOLINTEND(*-container-data-pointer)
420}
421
422} // namespace Botan
Botan::SIMD_4x32
Definition simd_4x32.h:61
Botan::SIMD_4x32::load_be
static SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 load_be(const void *in) noexcept
Definition simd_4x32.h:189
Botan::SIMD_8x32
Definition simd_avx2.h:19
Botan::SIMD_8x32::load_be128
static BOTAN_FN_ISA_AVX2 SIMD_8x32 load_be128(const uint8_t in1[], const uint8_t in2[]) noexcept
Definition simd_avx2.h:101
Botan::SM3::block_bytes
static constexpr size_t block_bytes
Definition sm3.h:24
Botan::R2
void R2(uint32_t A, uint32_t &B, uint32_t C, uint32_t &D, uint32_t E, uint32_t &F, uint32_t G, uint32_t &H, uint32_t TJ, uint32_t Wi, uint32_t Wj)
Definition sm3_fn.h:43
Botan::rotl
BOTAN_FORCE_INLINE constexpr T rotl(T input)
Definition rotate.h:23
Botan::R1
void R1(uint32_t A, uint32_t &B, uint32_t C, uint32_t &D, uint32_t E, uint32_t &F, uint32_t G, uint32_t &H, uint32_t TJ, uint32_t Wi, uint32_t Wj)
Definition sm3_fn.h:21
Generated by doxygen 1.15.0