crypto: unroll Echo512's FullStateRound()

kwvg · kwvg · commit 31f93ad93e09 · 2025-09-22T09:52:06.000Z
Also lets us get rid of an extra unnecessary pack/unpack
diff --git a/src/crypto/x11/arm_crypto/echo.cpp b/src/crypto/x11/arm_crypto/echo.cpp
@@ -5,32 +5,65 @@
 #if defined(ENABLE_ARM_AES)
 #include <crypto/x11/util/util.hpp>
 
-#include <cstdint>
+#include <cstddef>
 
 #include <arm_neon.h>
 
 namespace sapphire {
-namespace arm_crypto_echo {
-void FullStateRound(uint64_t W[16][2], uint32_t& k0, uint32_t& k1, uint32_t& k2, uint32_t& k3)
+namespace {
+void ALWAYS_INLINE StateRound(uint64_t W[16][2], size_t idx, uint8x16_t& key, uint32_t& k0, uint32_t& k1, uint32_t& k2, uint32_t& k3)
 {
-    uint8x16_t key = util::pack_le(k0, k1, k2, k3);
-    for (int n = 0; n < 16; n++) {
-        uint8x16_t block = vreinterpretq_u8_u64(vld1q_u64(&W[n][0]));
-        block = util::aes_round(block, key);
-        block = util::aes_round_nk(block);
-        vst1q_u64(&W[n][0], vreinterpretq_u64_u8(block));
+    uint8x16_t block = vreinterpretq_u8_u64(vld1q_u64(&W[idx][0]));
+    block = util::aes_round(block, key);
+    block = util::aes_round_nk(block);
+    vst1q_u64(&W[idx][0], vreinterpretq_u64_u8(block));
 
-        util::unpack_le(key, k0, k1, k2, k3);
-        if ((k0 = (k0 + 1)) == 0) {
-            if ((k1 = (k1 + 1)) == 0) {
-                if ((k2 = (k2 + 1)) == 0) {
-                    k3 = (k3 + 1);
-                }
+    util::unpack_le(key, k0, k1, k2, k3);
+    if ((k0 = (k0 + 1)) == 0) {
+        if ((k1 = (k1 + 1)) == 0) {
+            if ((k2 = (k2 + 1)) == 0) {
+                k3 = (k3 + 1);
             }
         }
-        key = util::pack_le(k0, k1, k2, k3);
     }
-    util::unpack_le(key, k0, k1, k2, k3);
+}
+} // anonymous namespace
+
+namespace arm_crypto_echo {
+void FullStateRound(uint64_t W[16][2], uint32_t& k0, uint32_t& k1, uint32_t& k2, uint32_t& k3)
+{
+    uint8x16_t key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 0, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 1, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 2, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 3, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 4, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 5, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 6, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 7, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 8, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 9, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 10, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 11, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 12, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 13, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 14, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 15, key, k0, k1, k2, k3);
 }
 } // namespace arm_crypto_echo
 } // namespace sapphire
diff --git a/src/crypto/x11/x86_aesni/echo.cpp b/src/crypto/x11/x86_aesni/echo.cpp
@@ -5,33 +5,66 @@
 #if defined(ENABLE_SSE41) && defined(ENABLE_X86_AESNI)
 #include <crypto/x11/util/util.hpp>
 
-#include <cstdint>
+#include <cstddef>
 
 #include <immintrin.h>
 #include <wmmintrin.h>
 
 namespace sapphire {
-namespace x86_aesni_echo {
-void FullStateRound(uint64_t W[16][2], uint32_t& k0, uint32_t& k1, uint32_t& k2, uint32_t& k3)
+namespace {
+void ALWAYS_INLINE StateRound(uint64_t W[16][2], size_t idx, __m128i& key, uint32_t& k0, uint32_t& k1, uint32_t& k2, uint32_t& k3)
 {
-    __m128i key = util::pack_le(k0, k1, k2, k3);
-    for (int n = 0; n < 16; n++) {
-        __m128i block = _mm_load_si128((const __m128i*)&W[n][0]);
-        block = util::aes_round(block, key);
-        block = util::aes_round(block, _mm_setzero_si128());
-        _mm_store_si128((__m128i*)&W[n][0], block);
+    __m128i block = _mm_load_si128((const __m128i*)&W[idx][0]);
+    block = util::aes_round(block, key);
+    block = util::aes_round(block, _mm_setzero_si128());
+    _mm_store_si128((__m128i*)&W[idx][0], block);
 
-        util::unpack_le(key, k0, k1, k2, k3);
-        if ((k0 = (k0 + 1)) == 0) {
-            if ((k1 = (k1 + 1)) == 0) {
-                if ((k2 = (k2 + 1)) == 0) {
-                    k3 = (k3 + 1);
-                }
+    util::unpack_le(key, k0, k1, k2, k3);
+    if ((k0 = (k0 + 1)) == 0) {
+        if ((k1 = (k1 + 1)) == 0) {
+            if ((k2 = (k2 + 1)) == 0) {
+                k3 = (k3 + 1);
             }
         }
-        key = util::pack_le(k0, k1, k2, k3);
     }
-    util::unpack_le(key, k0, k1, k2, k3);
+}
+} // anonymous namespace
+
+namespace x86_aesni_echo {
+void FullStateRound(uint64_t W[16][2], uint32_t& k0, uint32_t& k1, uint32_t& k2, uint32_t& k3)
+{
+    __m128i key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 0, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 1, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 2, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 3, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 4, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 5, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 6, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 7, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 8, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 9, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 10, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 11, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 12, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 13, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 14, key, k0, k1, k2, k3);
+    key = util::pack_le(k0, k1, k2, k3);
+    StateRound(W, 15, key, k0, k1, k2, k3);
 }
 } // namespace x86_aesni_echo
 } // namespace sapphire
