crypto: implement SSSE3 backend for Echo512's ShiftRows()

Author: kwvg

src/crypto/x11/dispatch.cpp

@@ -19,6 +19,7 @@ namespace sapphire {
 #if defined(ENABLE_SSSE3)
 namespace ssse3_echo {
 void MixColumns(uint64_t W[16][2]);
+void ShiftRows(uint64_t W[16][2]);
 } // namespace ssse3_echo
 #endif // ENABLE_SSSE3
 
@@ -46,20 +47,23 @@ void RoundKeyless(uint32_t x0, uint32_t x1, uint32_t x2, uint32_t x3,
 namespace soft_echo {
 void FullStateRound(uint64_t W[16][2], uint32_t& k0, uint32_t& k1, uint32_t& k2, uint32_t& k3);
 void MixColumns(uint64_t W[16][2]);
+void ShiftRows(uint64_t W[16][2]);
 } // namespace soft_echo
 } // namespace sapphire
 
 extern sapphire::dispatch::AESRoundFn aes_round;
 extern sapphire::dispatch::AESRoundFnNk aes_round_nk;
 extern sapphire::dispatch::EchoMixCols echo_mix_columns;
 extern sapphire::dispatch::EchoRoundFn echo_round;
+extern sapphire::dispatch::EchoShiftRows echo_shift_rows;
 
 void SapphireAutoDetect()
 {
     aes_round = sapphire::soft_aes::Round;
     aes_round_nk = sapphire::soft_aes::RoundKeyless;
     echo_round = sapphire::soft_echo::FullStateRound;
     echo_mix_columns = sapphire::soft_echo::MixColumns;
+    echo_shift_rows = sapphire::soft_echo::ShiftRows;
 
 #if !defined(DISABLE_OPTIMIZED_SHA256)
 #if defined(HAVE_GETCPUID)
@@ -78,6 +82,7 @@ void SapphireAutoDetect()
     const bool use_ssse3 = ((ecx >> 9) & 1);
     if (use_ssse3) {
         echo_mix_columns = sapphire::ssse3_echo::MixColumns;
+        echo_shift_rows = sapphire::ssse3_echo::ShiftRows;
     }
 #endif // ENABLE_SSSE3
 #endif // HAVE_GETCPUID

src/crypto/x11/dispatch.h

@@ -17,6 +17,7 @@ typedef void (*AESRoundFnNk)(uint32_t, uint32_t, uint32_t, uint32_t,
 
 typedef void (*EchoMixCols)(uint64_t[16][2]);
 typedef void (*EchoRoundFn)(uint64_t[16][2], uint32_t&, uint32_t&, uint32_t&, uint32_t&);
+typedef void (*EchoShiftRows)(uint64_t[16][2]);
 } // namespace dispatch
 } // namespace sapphire
 

src/crypto/x11/echo.cpp

@@ -108,26 +108,9 @@ void MixColumns(uint64_t W[16][2])
 	MixColumn(W, 8, 9, 10, 11);
 	MixColumn(W, 12, 13, 14, 15);
 }
-} // namespace soft_echo
-} // namespace sapphire
-
-sapphire::dispatch::EchoMixCols echo_mix_columns = sapphire::soft_echo::MixColumns;
-sapphire::dispatch::EchoRoundFn echo_round = sapphire::soft_echo::FullStateRound;
-
-#define DECL_STATE_BIG   \
-	alignas(16) sph_u64 W[16][2];
-
-#define INPUT_BLOCK_BIG(sc)   do { \
-		unsigned u; \
-		memcpy(W, sc->u.Vb, 16 * sizeof(sph_u64)); \
-		for (u = 0; u < 8; u ++) { \
-			W[u + 8][0] = sph_dec64le_aligned( \
-				sc->buf + 16 * u); \
-			W[u + 8][1] = sph_dec64le_aligned( \
-				sc->buf + 16 * u + 8); \
-		} \
-	} while (0)
 
+void ShiftRows(uint64_t W[16][2])
+{
 #define SHIFT_ROW1(a, b, c, d)   do { \
 		sph_u64 tmp; \
 		tmp = W[a][0]; \
@@ -160,15 +143,38 @@ sapphire::dispatch::EchoRoundFn echo_round = sapphire::soft_echo::FullStateRound
 
 #define SHIFT_ROW3(a, b, c, d)   SHIFT_ROW1(d, c, b, a)
 
-#define BIG_SHIFT_ROWS   do { \
-		SHIFT_ROW1(1, 5, 9, 13); \
-		SHIFT_ROW2(2, 6, 10, 14); \
-		SHIFT_ROW3(3, 7, 11, 15); \
+	SHIFT_ROW1(1, 5, 9, 13);
+	SHIFT_ROW2(2, 6, 10, 14);
+	SHIFT_ROW3(3, 7, 11, 15);
+
+#undef SHIFT_ROW1
+#undef SHIFT_ROW2
+#undef SHIFT_ROW3
+}
+} // namespace soft_echo
+} // namespace sapphire
+
+sapphire::dispatch::EchoMixCols echo_mix_columns = sapphire::soft_echo::MixColumns;
+sapphire::dispatch::EchoRoundFn echo_round = sapphire::soft_echo::FullStateRound;
+sapphire::dispatch::EchoShiftRows echo_shift_rows = sapphire::soft_echo::ShiftRows;
+
+#define DECL_STATE_BIG   \
+	alignas(16) sph_u64 W[16][2];
+
+#define INPUT_BLOCK_BIG(sc)   do { \
+		unsigned u; \
+		memcpy(W, sc->u.Vb, 16 * sizeof(sph_u64)); \
+		for (u = 0; u < 8; u ++) { \
+			W[u + 8][0] = sph_dec64le_aligned( \
+				sc->buf + 16 * u); \
+			W[u + 8][1] = sph_dec64le_aligned( \
+				sc->buf + 16 * u + 8); \
+		} \
 	} while (0)
 
 #define BIG_ROUND   do { \
 		echo_round(W, K0, K1, K2, K3); \
-		BIG_SHIFT_ROWS; \
+		echo_shift_rows(W); \
 		echo_mix_columns(W); \
 	} while (0)
 

src/crypto/x11/ssse3/echo.cpp

@@ -49,6 +49,34 @@ void ALWAYS_INLINE MixColumn(uint64_t W[16][2], int ia, int ib, int ic, int id)
     // W[id] = abx ^ bcx ^ cdx ^ ab ^ c
     _mm_store_si128((__m128i*)&W[id][0], util::Xor(util::Xor(util::Xor(util::Xor(abx, bcx), cdx), ab), c));
 }
+
+void ALWAYS_INLINE ShiftRow1(__m128i& Wa, __m128i& Wb, __m128i& Wc, __m128i& Wd)
+{
+    __m128i tmp = Wa;
+    Wa = Wb;
+    Wb = Wc;
+    Wc = Wd;
+    Wd = tmp;
+}
+
+void ALWAYS_INLINE ShiftRow2(__m128i& Wa, __m128i& Wb, __m128i& Wc, __m128i& Wd)
+{
+    __m128i tmp1 = Wa;
+    __m128i tmp2 = Wb;
+    Wa = Wc;
+    Wb = Wd;
+    Wc = tmp1;
+    Wd = tmp2;
+}
+
+void ALWAYS_INLINE ShiftRow3(__m128i& Wa, __m128i& Wb, __m128i& Wc, __m128i& Wd)
+{
+    __m128i tmp = Wd;
+    Wd = Wc;
+    Wc = Wb;
+    Wb = Wa;
+    Wa = tmp;
+}
 } // anonymous namespace
 
 namespace ssse3_echo {
@@ -59,6 +87,48 @@ void MixColumns(uint64_t W[16][2])
     MixColumn(W, 8, 9, 10, 11);
     MixColumn(W, 12, 13, 14, 15);
 }
+
+void ShiftRows(uint64_t W[16][2])
+{
+    alignas(16) __m128i w[16];
+    w[0] = _mm_load_si128((const __m128i*)&W[0][0]);
+    w[1] = _mm_load_si128((const __m128i*)&W[1][0]);
+    w[2] = _mm_load_si128((const __m128i*)&W[2][0]);
+    w[3] = _mm_load_si128((const __m128i*)&W[3][0]);
+    w[4] = _mm_load_si128((const __m128i*)&W[4][0]);
+    w[5] = _mm_load_si128((const __m128i*)&W[5][0]);
+    w[6] = _mm_load_si128((const __m128i*)&W[6][0]);
+    w[7] = _mm_load_si128((const __m128i*)&W[7][0]);
+    w[8] = _mm_load_si128((const __m128i*)&W[8][0]);
+    w[9] = _mm_load_si128((const __m128i*)&W[9][0]);
+    w[10] = _mm_load_si128((const __m128i*)&W[10][0]);
+    w[11] = _mm_load_si128((const __m128i*)&W[11][0]);
+    w[12] = _mm_load_si128((const __m128i*)&W[12][0]);
+    w[13] = _mm_load_si128((const __m128i*)&W[13][0]);
+    w[14] = _mm_load_si128((const __m128i*)&W[14][0]);
+    w[15] = _mm_load_si128((const __m128i*)&W[15][0]);
+
+    ShiftRow1(w[1], w[5], w[9], w[13]);
+    ShiftRow2(w[2], w[6], w[10], w[14]);
+    ShiftRow3(w[3], w[7], w[11], w[15]);
+
+    _mm_store_si128((__m128i*)&W[0][0], w[0]);
+    _mm_store_si128((__m128i*)&W[1][0], w[1]);
+    _mm_store_si128((__m128i*)&W[2][0], w[2]);
+    _mm_store_si128((__m128i*)&W[3][0], w[3]);
+    _mm_store_si128((__m128i*)&W[4][0], w[4]);
+    _mm_store_si128((__m128i*)&W[5][0], w[5]);
+    _mm_store_si128((__m128i*)&W[6][0], w[6]);
+    _mm_store_si128((__m128i*)&W[7][0], w[7]);
+    _mm_store_si128((__m128i*)&W[8][0], w[8]);
+    _mm_store_si128((__m128i*)&W[9][0], w[9]);
+    _mm_store_si128((__m128i*)&W[10][0], w[10]);
+    _mm_store_si128((__m128i*)&W[11][0], w[11]);
+    _mm_store_si128((__m128i*)&W[12][0], w[12]);
+    _mm_store_si128((__m128i*)&W[13][0], w[13]);
+    _mm_store_si128((__m128i*)&W[14][0], w[14]);
+    _mm_store_si128((__m128i*)&W[15][0], w[15]);
+}
 } // namespace ssse3_echo
 } // namespace sapphire