Crypto++ 8.2
Free C&
simeck_simd.cpp
1// simeck_simd.cpp - written and placed in the public domain by Gangqiang Yang and Jeffrey Walton.
2//
3// This source file uses intrinsics and built-ins to gain access to
4// SSSE3, ARM NEON and ARMv8a, and Power7 Altivec instructions. A separate
5// source file is needed because additional CXXFLAGS are required to enable
6// the appropriate instructions sets in some build configurations.
7
8#include "pch.h"
9#include "config.h"
10
11#include "simeck.h"
12#include "misc.h"
13
14// Uncomment for benchmarking C++ against SSE or NEON.
15// Do so in both simon.cpp and simon-simd.cpp.
16// #undef CRYPTOPP_SSSE3_AVAILABLE
17// #undef CRYPTOPP_ARM_NEON_AVAILABLE
18
19#if (CRYPTOPP_SSSE3_AVAILABLE)
20# include "adv_simd.h"
21# include <pmmintrin.h>
22# include <tmmintrin.h>
23#endif
24
25#if defined(__XOP__)
26# include <ammintrin.h>
27#endif
28
29#if defined(__AVX512F__)
30# define CRYPTOPP_AVX512_ROTATE 1
31# include <immintrin.h>
32#endif
33
34// Squash MS LNK4221 and libtool warnings
35extern const char SIMECK_SIMD_FNAME[] = __FILE__;
36
37ANONYMOUS_NAMESPACE_BEGIN
38
39using CryptoPP::word16;
40using CryptoPP::word32;
41
42#if (CRYPTOPP_SSSE3_AVAILABLE)
43
44//////////////////////////////////////////////////////////////////////////
45
46template <unsigned int R>
47inline __m128i RotateLeft32(const __m128i& val)
48{
49#if defined(CRYPTOPP_AVX512_ROTATE)
50 return _mm_rol_epi32(val, R);
51#elif defined(__XOP__)
52 return _mm_roti_epi32(val, R);
53#else
54 return _mm_or_si128(
55 _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R));
56#endif
57}
58
59template <unsigned int R>
60inline __m128i RotateRight32(const __m128i& val)
61{
62#if defined(CRYPTOPP_AVX512_ROTATE)
63 return _mm_ror_epi32(val, R);
64#elif defined(__XOP__)
65 return _mm_roti_epi32(val, 32-R);
66#else
67 return _mm_or_si128(
68 _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R));
69#endif
70}
71
72// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks.
73template <>
74inline __m128i RotateLeft32<8>(const __m128i& val)
75{
76#if defined(__XOP__)
77 return _mm_roti_epi32(val, 8);
78#else
79 const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3);
80 return _mm_shuffle_epi8(val, mask);
81#endif
82}
83
84// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks.
85template <>
86inline __m128i RotateRight32<8>(const __m128i& val)
87{
88#if defined(__XOP__)
89 return _mm_roti_epi32(val, 32-8);
90#else
91 const __m128i mask = _mm_set_epi8(12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1);
92 return _mm_shuffle_epi8(val, mask);
93#endif
94}
95
96/// \brief Unpack XMM words
97/// \tparam IDX the element from each XMM word
98/// \param a the first XMM word
99/// \param b the second XMM word
100/// \param c the third XMM word
101/// \param d the fourth XMM word
102/// \details UnpackXMM selects the IDX element from a, b, c, d and returns a concatenation
103/// equivalent to <tt>a[IDX] || b[IDX] || c[IDX] || d[IDX]</tt>.
104template <unsigned int IDX>
105inline __m128i UnpackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
106{
107 // Should not be instantiated
108 CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b);
109 CRYPTOPP_UNUSED(c); CRYPTOPP_UNUSED(d);
111 return _mm_setzero_si128();
112}
113
114template <>
115inline __m128i UnpackXMM<0>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
116{
117 const __m128i r1 = _mm_unpacklo_epi32(a, b);
118 const __m128i r2 = _mm_unpacklo_epi32(c, d);
119 return _mm_shuffle_epi8(_mm_unpacklo_epi64(r1, r2),
120 _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
121}
122
123template <>
124inline __m128i UnpackXMM<1>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
125{
126 const __m128i r1 = _mm_unpacklo_epi32(a, b);
127 const __m128i r2 = _mm_unpacklo_epi32(c, d);
128 return _mm_shuffle_epi8(_mm_unpackhi_epi64(r1, r2),
129 _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
130}
131
132template <>
133inline __m128i UnpackXMM<2>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
134{
135 const __m128i r1 = _mm_unpackhi_epi32(a, b);
136 const __m128i r2 = _mm_unpackhi_epi32(c, d);
137 return _mm_shuffle_epi8(_mm_unpacklo_epi64(r1, r2),
138 _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
139}
140
141template <>
142inline __m128i UnpackXMM<3>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
143{
144 const __m128i r1 = _mm_unpackhi_epi32(a, b);
145 const __m128i r2 = _mm_unpackhi_epi32(c, d);
146 return _mm_shuffle_epi8(_mm_unpackhi_epi64(r1, r2),
147 _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
148}
149
150/// \brief Unpack a XMM word
151/// \tparam IDX the element from each XMM word
152/// \param v the first XMM word
153/// \details UnpackXMM selects the IDX element from v and returns a concatenation
154/// equivalent to <tt>v[IDX] || v[IDX] || v[IDX] || v[IDX]</tt>.
155template <unsigned int IDX>
156inline __m128i UnpackXMM(const __m128i& v)
157{
158 // Should not be instantiated
159 CRYPTOPP_UNUSED(v); CRYPTOPP_ASSERT(0);
160 return _mm_setzero_si128();
161}
162
163template <>
164inline __m128i UnpackXMM<0>(const __m128i& v)
165{
166 return _mm_shuffle_epi8(v, _mm_set_epi8(0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3));
167}
168
169template <>
170inline __m128i UnpackXMM<1>(const __m128i& v)
171{
172 return _mm_shuffle_epi8(v, _mm_set_epi8(4,5,6,7, 4,5,6,7, 4,5,6,7, 4,5,6,7));
173}
174
175template <>
176inline __m128i UnpackXMM<2>(const __m128i& v)
177{
178 return _mm_shuffle_epi8(v, _mm_set_epi8(8,9,10,11, 8,9,10,11, 8,9,10,11, 8,9,10,11));
179}
180
181template <>
182inline __m128i UnpackXMM<3>(const __m128i& v)
183{
184 return _mm_shuffle_epi8(v, _mm_set_epi8(12,13,14,15, 12,13,14,15, 12,13,14,15, 12,13,14,15));
185}
186
187template <unsigned int IDX>
188inline __m128i RepackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
189{
190 return UnpackXMM<IDX>(a, b, c, d);
191}
192
193template <unsigned int IDX>
194inline __m128i RepackXMM(const __m128i& v)
195{
196 return UnpackXMM<IDX>(v);
197}
198
199inline void SIMECK64_Encrypt(__m128i &a, __m128i &b, __m128i &c, __m128i &d, const __m128i key)
200{
201 // SunStudio 12.3 workaround
202 __m128i s, t; s = a; t = c;
203 a = _mm_xor_si128(_mm_and_si128(a, RotateLeft32<5>(a)), RotateLeft32<1>(a));
204 c = _mm_xor_si128(_mm_and_si128(c, RotateLeft32<5>(c)), RotateLeft32<1>(c));
205 a = _mm_xor_si128(a, _mm_xor_si128(b, key));
206 c = _mm_xor_si128(c, _mm_xor_si128(d, key));
207 b = s; d = t;
208}
209
210inline void SIMECK64_Enc_Block(__m128i &block0, const word32 *subkeys, unsigned int /*rounds*/)
211{
212 // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
213 __m128i a = UnpackXMM<0>(block0);
214 __m128i b = UnpackXMM<1>(block0);
215 __m128i c = UnpackXMM<2>(block0);
216 __m128i d = UnpackXMM<3>(block0);
217
218 const unsigned int rounds = 44;
219 for (int i = 0; i < static_cast<int>(rounds); i += 4)
220 {
221 const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i));
222 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0)));
223 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1)));
224 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2)));
225 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3)));
226 }
227
228 // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
229 block0 = RepackXMM<0>(a,b,c,d);
230}
231
232inline void SIMECK64_Dec_Block(__m128i &block0, const word32 *subkeys, unsigned int /*rounds*/)
233{
234 // SIMECK requires a word swap for the decryption transform
235 __m128i w = _mm_shuffle_epi32(block0, _MM_SHUFFLE(2, 3, 0, 1));
236
237 // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
238 __m128i a = UnpackXMM<0>(w);
239 __m128i b = UnpackXMM<1>(w);
240 __m128i c = UnpackXMM<2>(w);
241 __m128i d = UnpackXMM<3>(w);
242
243 const unsigned int rounds = 44;
244 for (int i = static_cast<int>(rounds)-1; i >= 0; i -= 4)
245 {
246 const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i - 3));
247 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3)));
248 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2)));
249 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1)));
250 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0)));
251 }
252
253 // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
254 w = RepackXMM<0>(a,b,c,d);
255
256 block0 = _mm_shuffle_epi32(w, _MM_SHUFFLE(2, 3, 0, 1));
257}
258
259inline void SIMECK64_Enc_4_Blocks(__m128i &block0, __m128i &block1,
260 __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int /*rounds*/)
261{
262 // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
263 __m128i a = UnpackXMM<0>(block0, block1, block2, block3);
264 __m128i b = UnpackXMM<1>(block0, block1, block2, block3);
265 __m128i c = UnpackXMM<2>(block0, block1, block2, block3);
266 __m128i d = UnpackXMM<3>(block0, block1, block2, block3);
267
268 const unsigned int rounds = 44;
269 for (int i = 0; i < static_cast<int>(rounds); i += 4)
270 {
271 const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i));
272 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0)));
273 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1)));
274 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2)));
275 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3)));
276 }
277
278 // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
279 block0 = RepackXMM<0>(a, b, c, d);
280 block1 = RepackXMM<1>(a, b, c, d);
281 block2 = RepackXMM<2>(a, b, c, d);
282 block3 = RepackXMM<3>(a, b, c, d);
283}
284
285inline void SIMECK64_Dec_4_Blocks(__m128i &block0, __m128i &block1,
286 __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int /*rounds*/)
287{
288 // SIMECK requires a word swap for the decryption transform
289 __m128i w = _mm_shuffle_epi32(block0, _MM_SHUFFLE(2, 3, 0, 1));
290 __m128i x = _mm_shuffle_epi32(block1, _MM_SHUFFLE(2, 3, 0, 1));
291 __m128i y = _mm_shuffle_epi32(block2, _MM_SHUFFLE(2, 3, 0, 1));
292 __m128i z = _mm_shuffle_epi32(block3, _MM_SHUFFLE(2, 3, 0, 1));
293
294 // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
295 __m128i a = UnpackXMM<0>(w, x, y, z);
296 __m128i b = UnpackXMM<1>(w, x, y, z);
297 __m128i c = UnpackXMM<2>(w, x, y, z);
298 __m128i d = UnpackXMM<3>(w, x, y, z);
299
300 const unsigned int rounds = 44;
301 for (int i = static_cast<int>(rounds)-1; i >= 0; i -= 4)
302 {
303 const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i - 3));
304 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3)));
305 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2)));
306 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1)));
307 SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0)));
308 }
309
310 // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
311 w = RepackXMM<0>(a, b, c, d);
312 x = RepackXMM<1>(a, b, c, d);
313 y = RepackXMM<2>(a, b, c, d);
314 z = RepackXMM<3>(a, b, c, d);
315
316 block0 = _mm_shuffle_epi32(w, _MM_SHUFFLE(2, 3, 0, 1));
317 block1 = _mm_shuffle_epi32(x, _MM_SHUFFLE(2, 3, 0, 1));
318 block2 = _mm_shuffle_epi32(y, _MM_SHUFFLE(2, 3, 0, 1));
319 block3 = _mm_shuffle_epi32(z, _MM_SHUFFLE(2, 3, 0, 1));
320}
321
322#endif // CRYPTOPP_SSSE3_AVAILABLE
323
324ANONYMOUS_NAMESPACE_END
325
326NAMESPACE_BEGIN(CryptoPP)
327
328#if defined(CRYPTOPP_SSSE3_AVAILABLE)
329size_t SIMECK64_Enc_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds,
330 const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags)
331{
332 return AdvancedProcessBlocks64_4x1_SSE(SIMECK64_Enc_Block, SIMECK64_Enc_4_Blocks,
333 subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags);
334}
335
336size_t SIMECK64_Dec_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds,
337 const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags)
338{
339 return AdvancedProcessBlocks64_4x1_SSE(SIMECK64_Dec_Block, SIMECK64_Dec_4_Blocks,
340 subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags);
341}
342#endif // CRYPTOPP_SSSE3_AVAILABLE
343
344NAMESPACE_END
Template for AdvancedProcessBlocks and SIMD processing.
Library configuration file.
Utility functions for the Crypto++ library.
Crypto++ library namespace.
Precompiled header file.
Classes for the SIMECK block cipher.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:69