Crypto++  8.2
Free C++ class library of cryptographic schemes
aria_simd.cpp
1 // aria_simd.cpp - written and placed in the public domain by
2 // Jeffrey Walton, Uri Blumenthal and Marcel Raad.
3 //
4 // This source file uses intrinsics to gain access to ARMv7a and
5 // ARMv8a NEON instructions. A separate source file is needed
6 // because additional CXXFLAGS are required to enable the
7 // appropriate instructions sets in some build configurations.
8 
9 #include "pch.h"
10 #include "config.h"
11 #include "misc.h"
12 
13 #if (CRYPTOPP_SSSE3_AVAILABLE)
14 # include <tmmintrin.h>
15 #endif
16 
17 // C1189: error: This header is specific to ARM targets
18 #if (CRYPTOPP_ARM_NEON_AVAILABLE) && !defined(_M_ARM64)
19 # include <arm_neon.h>
20 #endif
21 
22 #if (CRYPTOPP_ARM_ACLE_AVAILABLE)
23 # include <stdint.h>
24 # include <arm_acle.h>
25 #endif
26 
27 // Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670
28 #define M128_CAST(x) ((__m128i *)(void *)(x))
29 #define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))
30 
31 NAMESPACE_BEGIN(CryptoPP)
32 NAMESPACE_BEGIN(ARIATab)
33 
34 extern const word32 S1[256];
35 extern const word32 S2[256];
36 extern const word32 X1[256];
37 extern const word32 X2[256];
38 extern const word32 KRK[3][4];
39 
40 NAMESPACE_END
41 NAMESPACE_END
42 
43 ANONYMOUS_NAMESPACE_BEGIN
44 
45 using CryptoPP::byte;
46 using CryptoPP::word32;
47 
48 inline byte ARIA_BRF(const word32 x, const int y) {
49  return static_cast<byte>(GETBYTE(x, y));
50 }
51 
52 ANONYMOUS_NAMESPACE_END
53 
54 NAMESPACE_BEGIN(CryptoPP)
55 
56 using CryptoPP::ARIATab::S1;
57 using CryptoPP::ARIATab::S2;
58 using CryptoPP::ARIATab::X1;
59 using CryptoPP::ARIATab::X2;
60 using CryptoPP::ARIATab::KRK;
61 
62 #if (CRYPTOPP_ARM_NEON_AVAILABLE)
63 
64 template <unsigned int N>
65 inline void ARIA_GSRK_NEON(const uint32x4_t X, const uint32x4_t Y, byte RK[16])
66 {
67  enum { Q1 = (4-(N/32)) % 4,
68  Q2 = (3-(N/32)) % 4,
69  R = N % 32
70  };
71 
72  vst1q_u8(RK, vreinterpretq_u8_u32(
73  veorq_u32(X, veorq_u32(
74  vshrq_n_u32(vextq_u32(Y, Y, Q1), R),
75  vshlq_n_u32(vextq_u32(Y, Y, Q2), 32-R)))));
76 }
77 
78 void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keylen)
79 {
80  const uint32x4_t w0 = vld1q_u32(ws+ 0);
81  const uint32x4_t w1 = vld1q_u32(ws+ 8);
82  const uint32x4_t w2 = vld1q_u32(ws+12);
83  const uint32x4_t w3 = vld1q_u32(ws+16);
84 
85  ARIA_GSRK_NEON<19>(w0, w1, rk + 0);
86  ARIA_GSRK_NEON<19>(w1, w2, rk + 16);
87  ARIA_GSRK_NEON<19>(w2, w3, rk + 32);
88  ARIA_GSRK_NEON<19>(w3, w0, rk + 48);
89  ARIA_GSRK_NEON<31>(w0, w1, rk + 64);
90  ARIA_GSRK_NEON<31>(w1, w2, rk + 80);
91  ARIA_GSRK_NEON<31>(w2, w3, rk + 96);
92  ARIA_GSRK_NEON<31>(w3, w0, rk + 112);
93  ARIA_GSRK_NEON<67>(w0, w1, rk + 128);
94  ARIA_GSRK_NEON<67>(w1, w2, rk + 144);
95  ARIA_GSRK_NEON<67>(w2, w3, rk + 160);
96  ARIA_GSRK_NEON<67>(w3, w0, rk + 176);
97  ARIA_GSRK_NEON<97>(w0, w1, rk + 192);
98 
99  if (keylen > 16)
100  {
101  ARIA_GSRK_NEON<97>(w1, w2, rk + 208);
102  ARIA_GSRK_NEON<97>(w2, w3, rk + 224);
103 
104  if (keylen > 24)
105  {
106  ARIA_GSRK_NEON< 97>(w3, w0, rk + 240);
107  ARIA_GSRK_NEON<109>(w0, w1, rk + 256);
108  }
109  }
110 }
111 
112 void ARIA_ProcessAndXorBlock_NEON(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t)
113 {
114  outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] );
115  outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8);
116  outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] );
117  outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] );
118  outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] );
119  outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8);
120  outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] );
121  outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] );
122  outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] );
123  outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8);
124  outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] );
125  outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] );
126  outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] );
127  outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8);
128  outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] );
129  outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] );
130 
131  // 'outBlock' and 'xorBlock' may be unaligned.
132  if (xorBlock != NULLPTR)
133  {
134  vst1q_u8(outBlock,
135  veorq_u8(
136  vld1q_u8(xorBlock),
137  veorq_u8(
138  vld1q_u8(outBlock),
139  vrev32q_u8(vld1q_u8((rk))))));
140  }
141  else
142  {
143  vst1q_u8(outBlock,
144  veorq_u8(
145  vld1q_u8(outBlock),
146  vrev32q_u8(vld1q_u8(rk))));
147  }
148 }
149 
150 #endif // CRYPTOPP_ARM_NEON_AVAILABLE
151 
152 #if (CRYPTOPP_SSSE3_AVAILABLE)
153 
154 void ARIA_ProcessAndXorBlock_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t)
155 {
156  const __m128i MASK = _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3);
157 
158  outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] );
159  outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8);
160  outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] );
161  outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] );
162  outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] );
163  outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8);
164  outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] );
165  outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] );
166  outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] );
167  outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8);
168  outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] );
169  outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] );
170  outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] );
171  outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8);
172  outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] );
173  outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] );
174 
175  // 'outBlock' and 'xorBlock' may be unaligned.
176  if (xorBlock != NULLPTR)
177  {
178  _mm_storeu_si128(M128_CAST(outBlock),
179  _mm_xor_si128(
180  _mm_loadu_si128(CONST_M128_CAST(xorBlock)),
181  _mm_xor_si128(
182  _mm_loadu_si128(CONST_M128_CAST(outBlock)),
183  _mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(rk)), MASK)))
184  );
185  }
186  else
187  {
188  _mm_storeu_si128(M128_CAST(outBlock),
189  _mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(outBlock)),
190  _mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(rk)), MASK)));
191  }
192 }
193 
194 #endif // CRYPTOPP_SSSE3_AVAILABLE
195 
196 NAMESPACE_END
Utility functions for the Crypto++ library.
Library configuration file.
Precompiled header file.
Crypto++ library namespace.