Crypto++  8.2
Free C++ class library of cryptographic schemes
simeck_simd.cpp
1 // simeck_simd.cpp - written and placed in the public domain by Gangqiang Yang and Jeffrey Walton.
2 //
3 // This source file uses intrinsics and built-ins to gain access to
4 // SSSE3, ARM NEON and ARMv8a, and Power7 Altivec instructions. A separate
5 // source file is needed because additional CXXFLAGS are required to enable
6 // the appropriate instructions sets in some build configurations.
7 
8 #include "pch.h"
9 #include "config.h"
10 
11 #include "simeck.h"
12 #include "misc.h"
13 
14 // Uncomment for benchmarking C++ against SSE or NEON.
15 // Do so in both simon.cpp and simon-simd.cpp.
16 // #undef CRYPTOPP_SSSE3_AVAILABLE
17 // #undef CRYPTOPP_ARM_NEON_AVAILABLE
18 
19 #if (CRYPTOPP_SSSE3_AVAILABLE)
20 # include "adv_simd.h"
21 # include <pmmintrin.h>
22 # include <tmmintrin.h>
23 #endif
24 
25 #if defined(__XOP__)
26 # include <ammintrin.h>
27 #endif
28 
29 #if defined(__AVX512F__)
30 # define CRYPTOPP_AVX512_ROTATE 1
31 # include <immintrin.h>
32 #endif
33 
34 // Squash MS LNK4221 and libtool warnings
35 extern const char SIMECK_SIMD_FNAME[] = __FILE__;
36 
37 ANONYMOUS_NAMESPACE_BEGIN
38 
39 using CryptoPP::word16;
40 using CryptoPP::word32;
41 
42 #if (CRYPTOPP_SSSE3_AVAILABLE)
43 
44 //////////////////////////////////////////////////////////////////////////
45 
46 template <unsigned int R>
47 inline __m128i RotateLeft32(const __m128i& val)
48 {
49 #if defined(CRYPTOPP_AVX512_ROTATE)
50  return _mm_rol_epi32(val, R);
51 #elif defined(__XOP__)
52  return _mm_roti_epi32(val, R);
53 #else
54  return _mm_or_si128(
55  _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R));
56 #endif
57 }
58 
59 template <unsigned int R>
60 inline __m128i RotateRight32(const __m128i& val)
61 {
62 #if defined(CRYPTOPP_AVX512_ROTATE)
63  return _mm_ror_epi32(val, R);
64 #elif defined(__XOP__)
65  return _mm_roti_epi32(val, 32-R);
66 #else
67  return _mm_or_si128(
68  _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R));
69 #endif
70 }
71 
72 // Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks.
73 template <>
74 inline __m128i RotateLeft32<8>(const __m128i& val)
75 {
76 #if defined(__XOP__)
77  return _mm_roti_epi32(val, 8);
78 #else
79  const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3);
80  return _mm_shuffle_epi8(val, mask);
81 #endif
82 }
83 
84 // Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks.
85 template <>
86 inline __m128i RotateRight32<8>(const __m128i& val)
87 {
88 #if defined(__XOP__)
89  return _mm_roti_epi32(val, 32-8);
90 #else
91  const __m128i mask = _mm_set_epi8(12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1);
92  return _mm_shuffle_epi8(val, mask);
93 #endif
94 }
95 
96 /// \brief Unpack XMM words
97 /// \tparam IDX the element from each XMM word
98 /// \param a the first XMM word
99 /// \param b the second XMM word
100 /// \param c the third XMM word
101 /// \param d the fourth XMM word
102 /// \details UnpackXMM selects the IDX element from a, b, c, d and returns a concatenation
103 /// equivalent to <tt>a[IDX] || b[IDX] || c[IDX] || d[IDX]</tt>.
104 template <unsigned int IDX>
105 inline __m128i UnpackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
106 {
107  // Should not be instantiated
108  CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b);
109  CRYPTOPP_UNUSED(c); CRYPTOPP_UNUSED(d);
110  CRYPTOPP_ASSERT(0);
111  return _mm_setzero_si128();
112 }
113 
114 template <>
115 inline __m128i UnpackXMM<0>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
116 {
117  const __m128i r1 = _mm_unpacklo_epi32(a, b);
118  const __m128i r2 = _mm_unpacklo_epi32(c, d);
119  return _mm_shuffle_epi8(_mm_unpacklo_epi64(r1, r2),
120  _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
121 }
122 
123 template <>
124 inline __m128i UnpackXMM<1>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
125 {
126  const __m128i r1 = _mm_unpacklo_epi32(a, b);
127  const __m128i r2 = _mm_unpacklo_epi32(c, d);
128  return _mm_shuffle_epi8(_mm_unpackhi_epi64(r1, r2),
129  _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
130 }
131 
132 template <>
133 inline __m128i UnpackXMM<2>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
134 {
135  const __m128i r1 = _mm_unpackhi_epi32(a, b);
136  const __m128i r2 = _mm_unpackhi_epi32(c, d);
137  return _mm_shuffle_epi8(_mm_unpacklo_epi64(r1, r2),
138  _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
139 }
140 
141 template <>
142 inline __m128i UnpackXMM<3>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
143 {
144  const __m128i r1 = _mm_unpackhi_epi32(a, b);
145  const __m128i r2 = _mm_unpackhi_epi32(c, d);
146  return _mm_shuffle_epi8(_mm_unpackhi_epi64(r1, r2),
147  _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3));
148 }
149 
150 /// \brief Unpack a XMM word
151 /// \tparam IDX the element from each XMM word
152 /// \param v the first XMM word
153 /// \details UnpackXMM selects the IDX element from v and returns a concatenation
154 /// equivalent to <tt>v[IDX] || v[IDX] || v[IDX] || v[IDX]</tt>.
155 template <unsigned int IDX>
156 inline __m128i UnpackXMM(const __m128i& v)
157 {
158  // Should not be instantiated
159  CRYPTOPP_UNUSED(v); CRYPTOPP_ASSERT(0);
160  return _mm_setzero_si128();
161 }
162 
163 template <>
164 inline __m128i UnpackXMM<0>(const __m128i& v)
165 {
166  return _mm_shuffle_epi8(v, _mm_set_epi8(0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3));
167 }
168 
169 template <>
170 inline __m128i UnpackXMM<1>(const __m128i& v)
171 {
172  return _mm_shuffle_epi8(v, _mm_set_epi8(4,5,6,7, 4,5,6,7, 4,5,6,7, 4,5,6,7));
173 }
174 
175 template <>
176 inline __m128i UnpackXMM<2>(const __m128i& v)
177 {
178  return _mm_shuffle_epi8(v, _mm_set_epi8(8,9,10,11, 8,9,10,11, 8,9,10,11, 8,9,10,11));
179 }
180 
181 template <>
182 inline __m128i UnpackXMM<3>(const __m128i& v)
183 {
184  return _mm_shuffle_epi8(v, _mm_set_epi8(12,13,14,15, 12,13,14,15, 12,13,14,15, 12,13,14,15));
185 }
186 
187 template <unsigned int IDX>
188 inline __m128i RepackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d)
189 {
190  return UnpackXMM<IDX>(a, b, c, d);
191 }
192 
193 template <unsigned int IDX>
194 inline __m128i RepackXMM(const __m128i& v)
195 {
196  return UnpackXMM<IDX>(v);
197 }
198 
199 inline void SIMECK64_Encrypt(__m128i &a, __m128i &b, __m128i &c, __m128i &d, const __m128i key)
200 {
201  // SunStudio 12.3 workaround
202  __m128i s, t; s = a; t = c;
203  a = _mm_xor_si128(_mm_and_si128(a, RotateLeft32<5>(a)), RotateLeft32<1>(a));
204  c = _mm_xor_si128(_mm_and_si128(c, RotateLeft32<5>(c)), RotateLeft32<1>(c));
205  a = _mm_xor_si128(a, _mm_xor_si128(b, key));
206  c = _mm_xor_si128(c, _mm_xor_si128(d, key));
207  b = s; d = t;
208 }
209 
210 inline void SIMECK64_Enc_Block(__m128i &block0, const word32 *subkeys, unsigned int /*rounds*/)
211 {
212  // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
213  __m128i a = UnpackXMM<0>(block0);
214  __m128i b = UnpackXMM<1>(block0);
215  __m128i c = UnpackXMM<2>(block0);
216  __m128i d = UnpackXMM<3>(block0);
217 
218  const unsigned int rounds = 44;
219  for (int i = 0; i < static_cast<int>(rounds); i += 4)
220  {
221  const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i));
222  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0)));
223  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1)));
224  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2)));
225  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3)));
226  }
227 
228  // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
229  block0 = RepackXMM<0>(a,b,c,d);
230 }
231 
232 inline void SIMECK64_Dec_Block(__m128i &block0, const word32 *subkeys, unsigned int /*rounds*/)
233 {
234  // SIMECK requires a word swap for the decryption transform
235  __m128i w = _mm_shuffle_epi32(block0, _MM_SHUFFLE(2, 3, 0, 1));
236 
237  // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
238  __m128i a = UnpackXMM<0>(w);
239  __m128i b = UnpackXMM<1>(w);
240  __m128i c = UnpackXMM<2>(w);
241  __m128i d = UnpackXMM<3>(w);
242 
243  const unsigned int rounds = 44;
244  for (int i = static_cast<int>(rounds)-1; i >= 0; i -= 4)
245  {
246  const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i - 3));
247  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3)));
248  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2)));
249  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1)));
250  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0)));
251  }
252 
253  // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
254  w = RepackXMM<0>(a,b,c,d);
255 
256  block0 = _mm_shuffle_epi32(w, _MM_SHUFFLE(2, 3, 0, 1));
257 }
258 
259 inline void SIMECK64_Enc_4_Blocks(__m128i &block0, __m128i &block1,
260  __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int /*rounds*/)
261 {
262  // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
263  __m128i a = UnpackXMM<0>(block0, block1, block2, block3);
264  __m128i b = UnpackXMM<1>(block0, block1, block2, block3);
265  __m128i c = UnpackXMM<2>(block0, block1, block2, block3);
266  __m128i d = UnpackXMM<3>(block0, block1, block2, block3);
267 
268  const unsigned int rounds = 44;
269  for (int i = 0; i < static_cast<int>(rounds); i += 4)
270  {
271  const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i));
272  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0)));
273  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1)));
274  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2)));
275  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3)));
276  }
277 
278  // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
279  block0 = RepackXMM<0>(a, b, c, d);
280  block1 = RepackXMM<1>(a, b, c, d);
281  block2 = RepackXMM<2>(a, b, c, d);
282  block3 = RepackXMM<3>(a, b, c, d);
283 }
284 
285 inline void SIMECK64_Dec_4_Blocks(__m128i &block0, __m128i &block1,
286  __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int /*rounds*/)
287 {
288  // SIMECK requires a word swap for the decryption transform
289  __m128i w = _mm_shuffle_epi32(block0, _MM_SHUFFLE(2, 3, 0, 1));
290  __m128i x = _mm_shuffle_epi32(block1, _MM_SHUFFLE(2, 3, 0, 1));
291  __m128i y = _mm_shuffle_epi32(block2, _MM_SHUFFLE(2, 3, 0, 1));
292  __m128i z = _mm_shuffle_epi32(block3, _MM_SHUFFLE(2, 3, 0, 1));
293 
294  // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ...
295  __m128i a = UnpackXMM<0>(w, x, y, z);
296  __m128i b = UnpackXMM<1>(w, x, y, z);
297  __m128i c = UnpackXMM<2>(w, x, y, z);
298  __m128i d = UnpackXMM<3>(w, x, y, z);
299 
300  const unsigned int rounds = 44;
301  for (int i = static_cast<int>(rounds)-1; i >= 0; i -= 4)
302  {
303  const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i - 3));
304  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3)));
305  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2)));
306  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1)));
307  SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0)));
308  }
309 
310  // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ...
311  w = RepackXMM<0>(a, b, c, d);
312  x = RepackXMM<1>(a, b, c, d);
313  y = RepackXMM<2>(a, b, c, d);
314  z = RepackXMM<3>(a, b, c, d);
315 
316  block0 = _mm_shuffle_epi32(w, _MM_SHUFFLE(2, 3, 0, 1));
317  block1 = _mm_shuffle_epi32(x, _MM_SHUFFLE(2, 3, 0, 1));
318  block2 = _mm_shuffle_epi32(y, _MM_SHUFFLE(2, 3, 0, 1));
319  block3 = _mm_shuffle_epi32(z, _MM_SHUFFLE(2, 3, 0, 1));
320 }
321 
322 #endif // CRYPTOPP_SSSE3_AVAILABLE
323 
324 ANONYMOUS_NAMESPACE_END
325 
326 NAMESPACE_BEGIN(CryptoPP)
327 
328 #if defined(CRYPTOPP_SSSE3_AVAILABLE)
329 size_t SIMECK64_Enc_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds,
330  const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags)
331 {
332  return AdvancedProcessBlocks64_4x1_SSE(SIMECK64_Enc_Block, SIMECK64_Enc_4_Blocks,
333  subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags);
334 }
335 
336 size_t SIMECK64_Dec_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds,
337  const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags)
338 {
339  return AdvancedProcessBlocks64_4x1_SSE(SIMECK64_Dec_Block, SIMECK64_Dec_4_Blocks,
340  subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags);
341 }
342 #endif // CRYPTOPP_SSSE3_AVAILABLE
343 
344 NAMESPACE_END
Utility functions for the Crypto++ library.
Library configuration file.
Classes for the SIMECK block cipher.
Template for AdvancedProcessBlocks and SIMD processing.
Precompiled header file.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:69
Crypto++ library namespace.