Botan 3.6.1
Crypto and TLS for C&
sm4_armv8.cpp
Go to the documentation of this file.
1/*
2* (C) 2018 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/internal/sm4.h>
8#include <arm_neon.h>
9
10namespace Botan {
11
12namespace {
13
14alignas(16) static const uint8_t qswap_tbl[16] = {12, 13, 14, 15, 8, 9, 10, 11, 4, 5, 6, 7, 0, 1, 2, 3};
15
16alignas(16) static const uint8_t bswap_tbl[16] = {15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0};
17
18inline uint32x4_t qswap_32(uint32x4_t B) {
19 return vreinterpretq_u32_u8(vqtbl1q_u8(vreinterpretq_u8_u32(B), vld1q_u8(qswap_tbl)));
20}
21
22inline uint32x4_t bswap_32(uint32x4_t B) {
23 return vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(B)));
24}
25
26/*
27 Swap both the quad-words and bytes within each word
28 equivalent to return bswap_32(qswap_32(B))
29*/
30inline uint32x4_t bqswap_32(uint32x4_t B) {
31 return vreinterpretq_u32_u8(vqtbl1q_u8(vreinterpretq_u8_u32(B), vld1q_u8(bswap_tbl)));
32}
33
34inline void BOTAN_FUNC_ISA("arch=armv8.2-a+sm4")
35 SM4_E(uint32x4_t& B0, uint32x4_t& B1, uint32x4_t& B2, uint32x4_t& B3, uint32x4_t K) {
36 B0 = vsm4eq_u32(B0, K);
37 B1 = vsm4eq_u32(B1, K);
38 B2 = vsm4eq_u32(B2, K);
39 B3 = vsm4eq_u32(B3, K);
40}
41
42} // namespace
43
44void BOTAN_FUNC_ISA("arch=armv8.2-a+sm4") SM4::sm4_armv8_encrypt(const uint8_t input8[],
45 uint8_t output8[],
46 size_t blocks) const {
47 const uint32x4_t K0 = vld1q_u32(&m_RK[0]);
48 const uint32x4_t K1 = vld1q_u32(&m_RK[4]);
49 const uint32x4_t K2 = vld1q_u32(&m_RK[8]);
50 const uint32x4_t K3 = vld1q_u32(&m_RK[12]);
51 const uint32x4_t K4 = vld1q_u32(&m_RK[16]);
52 const uint32x4_t K5 = vld1q_u32(&m_RK[20]);
53 const uint32x4_t K6 = vld1q_u32(&m_RK[24]);
54 const uint32x4_t K7 = vld1q_u32(&m_RK[28]);
55
56 const uint32_t* input32 = reinterpret_cast<const uint32_t*>(reinterpret_cast<const void*>(input8));
57 uint32_t* output32 = reinterpret_cast<uint32_t*>(reinterpret_cast<void*>(output8));
58
59 while(blocks >= 4) {
60 uint32x4_t B0 = bswap_32(vld1q_u32(input32));
61 uint32x4_t B1 = bswap_32(vld1q_u32(input32 + 4));
62 uint32x4_t B2 = bswap_32(vld1q_u32(input32 + 8));
63 uint32x4_t B3 = bswap_32(vld1q_u32(input32 + 12));
64
65 SM4_E(B0, B1, B2, B3, K0);
66 SM4_E(B0, B1, B2, B3, K1);
67 SM4_E(B0, B1, B2, B3, K2);
68 SM4_E(B0, B1, B2, B3, K3);
69 SM4_E(B0, B1, B2, B3, K4);
70 SM4_E(B0, B1, B2, B3, K5);
71 SM4_E(B0, B1, B2, B3, K6);
72 SM4_E(B0, B1, B2, B3, K7);
73
74 vst1q_u32(output32, bqswap_32(B0));
75 vst1q_u32(output32 + 4, bqswap_32(B1));
76 vst1q_u32(output32 + 8, bqswap_32(B2));
77 vst1q_u32(output32 + 12, bqswap_32(B3));
78
79 input32 += 4 * 4;
80 output32 += 4 * 4;
81 blocks -= 4;
82 }
83
84 for(size_t i = 0; i != blocks; ++i) {
85 uint32x4_t B = bswap_32(vld1q_u32(input32));
86
87 B = vsm4eq_u32(B, K0);
88 B = vsm4eq_u32(B, K1);
89 B = vsm4eq_u32(B, K2);
90 B = vsm4eq_u32(B, K3);
91 B = vsm4eq_u32(B, K4);
92 B = vsm4eq_u32(B, K5);
93 B = vsm4eq_u32(B, K6);
94 B = vsm4eq_u32(B, K7);
95
96 vst1q_u32(output32, bqswap_32(B));
97
98 input32 += 4;
99 output32 += 4;
100 }
101}
102
103void BOTAN_FUNC_ISA("arch=armv8.2-a+sm4") SM4::sm4_armv8_decrypt(const uint8_t input8[],
104 uint8_t output8[],
105 size_t blocks) const {
106 const uint32x4_t K0 = qswap_32(vld1q_u32(&m_RK[0]));
107 const uint32x4_t K1 = qswap_32(vld1q_u32(&m_RK[4]));
108 const uint32x4_t K2 = qswap_32(vld1q_u32(&m_RK[8]));
109 const uint32x4_t K3 = qswap_32(vld1q_u32(&m_RK[12]));
110 const uint32x4_t K4 = qswap_32(vld1q_u32(&m_RK[16]));
111 const uint32x4_t K5 = qswap_32(vld1q_u32(&m_RK[20]));
112 const uint32x4_t K6 = qswap_32(vld1q_u32(&m_RK[24]));
113 const uint32x4_t K7 = qswap_32(vld1q_u32(&m_RK[28]));
114
115 const uint32_t* input32 = reinterpret_cast<const uint32_t*>(reinterpret_cast<const void*>(input8));
116 uint32_t* output32 = reinterpret_cast<uint32_t*>(reinterpret_cast<void*>(output8));
117
118 while(blocks >= 4) {
119 uint32x4_t B0 = bswap_32(vld1q_u32(input32));
120 uint32x4_t B1 = bswap_32(vld1q_u32(input32 + 4));
121 uint32x4_t B2 = bswap_32(vld1q_u32(input32 + 8));
122 uint32x4_t B3 = bswap_32(vld1q_u32(input32 + 12));
123
124 SM4_E(B0, B1, B2, B3, K7);
125 SM4_E(B0, B1, B2, B3, K6);
126 SM4_E(B0, B1, B2, B3, K5);
127 SM4_E(B0, B1, B2, B3, K4);
128 SM4_E(B0, B1, B2, B3, K3);
129 SM4_E(B0, B1, B2, B3, K2);
130 SM4_E(B0, B1, B2, B3, K1);
131 SM4_E(B0, B1, B2, B3, K0);
132
133 vst1q_u32(output32, bqswap_32(B0));
134 vst1q_u32(output32 + 4, bqswap_32(B1));
135 vst1q_u32(output32 + 8, bqswap_32(B2));
136 vst1q_u32(output32 + 12, bqswap_32(B3));
137
138 input32 += 4 * 4;
139 output32 += 4 * 4;
140 blocks -= 4;
141 }
142
143 for(size_t i = 0; i != blocks; ++i) {
144 uint32x4_t B = bswap_32(vld1q_u32(input32));
145
146 B = vsm4eq_u32(B, K7);
147 B = vsm4eq_u32(B, K6);
148 B = vsm4eq_u32(B, K5);
149 B = vsm4eq_u32(B, K4);
150 B = vsm4eq_u32(B, K3);
151 B = vsm4eq_u32(B, K2);
152 B = vsm4eq_u32(B, K1);
153 B = vsm4eq_u32(B, K0);
154
155 vst1q_u32(output32, bqswap_32(B));
156
157 input32 += 4;
158 output32 += 4;
159 }
160}
161
162} // namespace Botan
BOTAN_FUNC_ISA
#define BOTAN_FUNC_ISA(isa)
Definition compiler.h:92
Botan::AES_AARCH64::K2
uint8x16_t uint8x16_t K2
Definition aes_armv8.cpp:32
Generated by doxygen 1.12.0