/src/botan/src/lib/stream/chacha/chacha_avx2/chacha_avx2.cpp
1 | | /* |
2 | | * (C) 2018 Jack Lloyd |
3 | | * |
4 | | * Botan is released under the Simplified BSD License (see license.txt) |
5 | | */ |
6 | | |
7 | | #include <botan/internal/chacha.h> |
8 | | |
9 | | #include <botan/internal/simd_avx2.h> |
10 | | |
11 | | namespace Botan { |
12 | | |
/*
 * Compute 8 consecutive ChaCha keystream blocks (8 * 64 = 512 bytes) at once
 * with 8-lane AVX2 vectors: lane i of every register holds one state word of
 * block i, so a single SIMD_8x32 operation advances all eight blocks together.
 *
 * @param output receives 512 bytes of keystream; block k lands at output[64*k]
 * @param state  the 16-word ChaCha state. Words 0..11 and 14..15 are used as
 *               given; word 12 (counter low) and word 13 (counter high) are
 *               advanced by 8 blocks before returning.
 * @param rounds total number of rounds; must be even, since each loop
 *               iteration below performs one column round and one diagonal
 *               round (enforced by the BOTAN_ASSERT).
 *
 * NOTE(review): this routine always carries a wrapped word 12 into word 13,
 * i.e. it treats words 12/13 as one 64-bit counter. Whether a caller that uses
 * word 13 as nonce material can ever reach the wrap is decided by the caller,
 * not here.
 */
//static
BOTAN_AVX2_FN
void ChaCha::chacha_avx2_x8(uint8_t output[64 * 8], uint32_t state[16], size_t rounds) {
   // Presumably prepares the AVX register state before 256-bit work (e.g. a
   // vzeroupper); defined in simd_avx2.h -- confirm there.
   SIMD_8x32::reset_registers();

   BOTAN_ASSERT(rounds % 2 == 0, "Valid rounds");
   // Per-lane block offsets: lane i computes the block with counter state[12] + i.
   const SIMD_8x32 CTR0 = SIMD_8x32(0, 1, 2, 3, 4, 5, 6, 7);

   // Carry into the high counter word for the lanes whose low word wraps:
   // state[12] + i overflows 32 bits exactly when i > 0xFFFFFFFF - state[12],
   // i.e. when C < i. Each bool converts to a 0/1 lane value; lane 0 never carries.
   const uint32_t C = 0xFFFFFFFF - state[12];
   const SIMD_8x32 CTR1 = SIMD_8x32(0, C < 1, C < 2, C < 3, C < 4, C < 5, C < 6, C < 7);

   // Broadcast the input state into all 8 lanes; only the two counter words
   // differ from lane to lane.
   SIMD_8x32 R00 = SIMD_8x32::splat(state[0]);
   SIMD_8x32 R01 = SIMD_8x32::splat(state[1]);
   SIMD_8x32 R02 = SIMD_8x32::splat(state[2]);
   SIMD_8x32 R03 = SIMD_8x32::splat(state[3]);
   SIMD_8x32 R04 = SIMD_8x32::splat(state[4]);
   SIMD_8x32 R05 = SIMD_8x32::splat(state[5]);
   SIMD_8x32 R06 = SIMD_8x32::splat(state[6]);
   SIMD_8x32 R07 = SIMD_8x32::splat(state[7]);
   SIMD_8x32 R08 = SIMD_8x32::splat(state[8]);
   SIMD_8x32 R09 = SIMD_8x32::splat(state[9]);
   SIMD_8x32 R10 = SIMD_8x32::splat(state[10]);
   SIMD_8x32 R11 = SIMD_8x32::splat(state[11]);
   SIMD_8x32 R12 = SIMD_8x32::splat(state[12]) + CTR0;
   SIMD_8x32 R13 = SIMD_8x32::splat(state[13]) + CTR1;
   SIMD_8x32 R14 = SIMD_8x32::splat(state[14]);
   SIMD_8x32 R15 = SIMD_8x32::splat(state[15]);

   // rounds/2 double rounds. Each quarter round on (a, b, c, d) is
   //   a += b; d ^= a; d <<<= 16;  c += d; b ^= c; b <<<= 12;
   //   a += b; d ^= a; d <<<= 8;   c += d; b ^= c; b <<<= 7;
   // and the four quarter rounds of a round are interleaved so that the four
   // a's, b's, c's and d's are processed as groups of four registers.
   // The whole loop is straight-line add/xor/rotate with no data-dependent
   // branches or memory indexing.
   for(size_t r = 0; r != rounds / 2; ++r) {
      // Column round: (0,4,8,12) (1,5,9,13) (2,6,10,14) (3,7,11,15)
      R00 += R04;
      R01 += R05;
      R02 += R06;
      R03 += R07;

      R12 ^= R00;
      R13 ^= R01;
      R14 ^= R02;
      R15 ^= R03;

      R12 = R12.rotl<16>();
      R13 = R13.rotl<16>();
      R14 = R14.rotl<16>();
      R15 = R15.rotl<16>();

      R08 += R12;
      R09 += R13;
      R10 += R14;
      R11 += R15;

      R04 ^= R08;
      R05 ^= R09;
      R06 ^= R10;
      R07 ^= R11;

      R04 = R04.rotl<12>();
      R05 = R05.rotl<12>();
      R06 = R06.rotl<12>();
      R07 = R07.rotl<12>();

      R00 += R04;
      R01 += R05;
      R02 += R06;
      R03 += R07;

      R12 ^= R00;
      R13 ^= R01;
      R14 ^= R02;
      R15 ^= R03;

      R12 = R12.rotl<8>();
      R13 = R13.rotl<8>();
      R14 = R14.rotl<8>();
      R15 = R15.rotl<8>();

      R08 += R12;
      R09 += R13;
      R10 += R14;
      R11 += R15;

      R04 ^= R08;
      R05 ^= R09;
      R06 ^= R10;
      R07 ^= R11;

      R04 = R04.rotl<7>();
      R05 = R05.rotl<7>();
      R06 = R06.rotl<7>();
      R07 = R07.rotl<7>();

      // Diagonal round: (0,5,10,15) (1,6,11,12) (2,7,8,13) (3,4,9,14)
      R00 += R05;
      R01 += R06;
      R02 += R07;
      R03 += R04;

      R15 ^= R00;
      R12 ^= R01;
      R13 ^= R02;
      R14 ^= R03;

      R15 = R15.rotl<16>();
      R12 = R12.rotl<16>();
      R13 = R13.rotl<16>();
      R14 = R14.rotl<16>();

      R10 += R15;
      R11 += R12;
      R08 += R13;
      R09 += R14;

      R05 ^= R10;
      R06 ^= R11;
      R07 ^= R08;
      R04 ^= R09;

      R05 = R05.rotl<12>();
      R06 = R06.rotl<12>();
      R07 = R07.rotl<12>();
      R04 = R04.rotl<12>();

      R00 += R05;
      R01 += R06;
      R02 += R07;
      R03 += R04;

      R15 ^= R00;
      R12 ^= R01;
      R13 ^= R02;
      R14 ^= R03;

      R15 = R15.rotl<8>();
      R12 = R12.rotl<8>();
      R13 = R13.rotl<8>();
      R14 = R14.rotl<8>();

      R10 += R15;
      R11 += R12;
      R08 += R13;
      R09 += R14;

      R05 ^= R10;
      R06 ^= R11;
      R07 ^= R08;
      R04 ^= R09;

      R05 = R05.rotl<7>();
      R06 = R06.rotl<7>();
      R07 = R07.rotl<7>();
      R04 = R04.rotl<7>();
   }

   // Feed-forward: add each lane's input state (including its per-lane
   // counter offset and carry) back into the mixed state.
   R00 += SIMD_8x32::splat(state[0]);
   R01 += SIMD_8x32::splat(state[1]);
   R02 += SIMD_8x32::splat(state[2]);
   R03 += SIMD_8x32::splat(state[3]);
   R04 += SIMD_8x32::splat(state[4]);
   R05 += SIMD_8x32::splat(state[5]);
   R06 += SIMD_8x32::splat(state[6]);
   R07 += SIMD_8x32::splat(state[7]);
   R08 += SIMD_8x32::splat(state[8]);
   R09 += SIMD_8x32::splat(state[9]);
   R10 += SIMD_8x32::splat(state[10]);
   R11 += SIMD_8x32::splat(state[11]);
   R12 += SIMD_8x32::splat(state[12]) + CTR0;
   R13 += SIMD_8x32::splat(state[13]) + CTR1;
   R14 += SIMD_8x32::splat(state[14]);
   R15 += SIMD_8x32::splat(state[15]);

   // Before this point lane i of Rnn holds word nn of block i. Assuming
   // transpose is the 8x8 32-bit transpose its name suggests, afterwards
   // R0k holds words 0..7 of block k and R(8+k) holds words 8..15 of block k.
   SIMD_8x32::transpose(R00, R01, R02, R03, R04, R05, R06, R07);
   SIMD_8x32::transpose(R08, R09, R10, R11, R12, R13, R14, R15);

   // Emit block k as two 32-byte little-endian stores at output + 64*k:
   // words 0..7 from R0k, then words 8..15 from R(8+k).
   R00.store_le(output);
   R08.store_le(output + 32 * 1);
   R01.store_le(output + 32 * 2);
   R09.store_le(output + 32 * 3);
   R02.store_le(output + 32 * 4);
   R10.store_le(output + 32 * 5);
   R03.store_le(output + 32 * 6);
   R11.store_le(output + 32 * 7);
   R04.store_le(output + 32 * 8);
   R12.store_le(output + 32 * 9);
   R05.store_le(output + 32 * 10);
   R13.store_le(output + 32 * 11);
   R06.store_le(output + 32 * 12);
   R14.store_le(output + 32 * 13);
   R07.store_le(output + 32 * 14);
   R15.store_le(output + 32 * 15);

   // Presumably zeroes the vector register file so state/keystream material
   // does not linger in registers after return; confirm in simd_avx2.h.
   SIMD_8x32::zero_registers();

   // Advance the caller's counter by the 8 blocks produced, treating
   // (word 12 low, word 13 high) as a 64-bit counter; the unsigned wrap test
   // detects the carry. NOTE(review): the carry branch shows zero executions in
   // this coverage run, so the wrap case is untested here.
   state[12] += 8;
   if(state[12] < 8) {
      state[13]++;
   }
}
207 | | } // namespace Botan |