Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/contrib/bearssl/src/symcipher/aes_x86ni_ctr.c
39482 views
1
/*

2
 * Copyright (c) 2017 Thomas Pornin <[email protected]>

3
 *

4
 * Permission is hereby granted, free of charge, to any person obtaining 

5
 * a copy of this software and associated documentation files (the

6
 * "Software"), to deal in the Software without restriction, including

7
 * without limitation the rights to use, copy, modify, merge, publish,

8
 * distribute, sublicense, and/or sell copies of the Software, and to

9
 * permit persons to whom the Software is furnished to do so, subject to

10
 * the following conditions:

11
 *

12
 * The above copyright notice and this permission notice shall be 

13
 * included in all copies or substantial portions of the Software.

14
 *

15
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 

16
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

17
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 

18
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS

19
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

20
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

21
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

22
 * SOFTWARE.

23
 */

24


25
#define BR_ENABLE_INTRINSICS   1

26
#include "inner.h"

27


28
#if BR_AES_X86NI

29


30
/* see bearssl_block.h */

31
const br_block_ctr_class *

32
br_aes_x86ni_ctr_get_vtable(void)

33
{

34
	return br_aes_x86ni_supported() ? &br_aes_x86ni_ctr_vtable : NULL;

35
}

36


37
/* see bearssl_block.h */

38
void

39
br_aes_x86ni_ctr_init(br_aes_x86ni_ctr_keys *ctx,

40
	const void *key, size_t len)

41
{

42
	ctx->vtable = &br_aes_x86ni_ctr_vtable;

43
	ctx->num_rounds = br_aes_x86ni_keysched_enc(ctx->skey.skni, key, len);

44
}

45


46
BR_TARGETS_X86_UP

47


48
/* see bearssl_block.h */

49
BR_TARGET("sse2,sse4.1,aes")

50
uint32_t

51
br_aes_x86ni_ctr_run(const br_aes_x86ni_ctr_keys *ctx,

52
	const void *iv, uint32_t cc, void *data, size_t len)

53
{

54
	unsigned char *buf;

55
	unsigned char ivbuf[16];

56
	unsigned num_rounds;

57
	__m128i sk[15];

58
	__m128i ivx;

59
	unsigned u;

60


61
	buf = data;

62
	memcpy(ivbuf, iv, 12);

63
	num_rounds = ctx->num_rounds;

64
	for (u = 0; u <= num_rounds; u ++) {

65
		sk[u] = _mm_loadu_si128((void *)(ctx->skey.skni + (u << 4)));

66
	}

67
	ivx = _mm_loadu_si128((void *)ivbuf);

68
	while (len > 0) {

69
		__m128i x0, x1, x2, x3;

70


71
		x0 = _mm_insert_epi32(ivx, br_bswap32(cc + 0), 3);

72
		x1 = _mm_insert_epi32(ivx, br_bswap32(cc + 1), 3);

73
		x2 = _mm_insert_epi32(ivx, br_bswap32(cc + 2), 3);

74
		x3 = _mm_insert_epi32(ivx, br_bswap32(cc + 3), 3);

75
		x0 = _mm_xor_si128(x0, sk[0]);

76
		x1 = _mm_xor_si128(x1, sk[0]);

77
		x2 = _mm_xor_si128(x2, sk[0]);

78
		x3 = _mm_xor_si128(x3, sk[0]);

79
		x0 = _mm_aesenc_si128(x0, sk[1]);

80
		x1 = _mm_aesenc_si128(x1, sk[1]);

81
		x2 = _mm_aesenc_si128(x2, sk[1]);

82
		x3 = _mm_aesenc_si128(x3, sk[1]);

83
		x0 = _mm_aesenc_si128(x0, sk[2]);

84
		x1 = _mm_aesenc_si128(x1, sk[2]);

85
		x2 = _mm_aesenc_si128(x2, sk[2]);

86
		x3 = _mm_aesenc_si128(x3, sk[2]);

87
		x0 = _mm_aesenc_si128(x0, sk[3]);

88
		x1 = _mm_aesenc_si128(x1, sk[3]);

89
		x2 = _mm_aesenc_si128(x2, sk[3]);

90
		x3 = _mm_aesenc_si128(x3, sk[3]);

91
		x0 = _mm_aesenc_si128(x0, sk[4]);

92
		x1 = _mm_aesenc_si128(x1, sk[4]);

93
		x2 = _mm_aesenc_si128(x2, sk[4]);

94
		x3 = _mm_aesenc_si128(x3, sk[4]);

95
		x0 = _mm_aesenc_si128(x0, sk[5]);

96
		x1 = _mm_aesenc_si128(x1, sk[5]);

97
		x2 = _mm_aesenc_si128(x2, sk[5]);

98
		x3 = _mm_aesenc_si128(x3, sk[5]);

99
		x0 = _mm_aesenc_si128(x0, sk[6]);

100
		x1 = _mm_aesenc_si128(x1, sk[6]);

101
		x2 = _mm_aesenc_si128(x2, sk[6]);

102
		x3 = _mm_aesenc_si128(x3, sk[6]);

103
		x0 = _mm_aesenc_si128(x0, sk[7]);

104
		x1 = _mm_aesenc_si128(x1, sk[7]);

105
		x2 = _mm_aesenc_si128(x2, sk[7]);

106
		x3 = _mm_aesenc_si128(x3, sk[7]);

107
		x0 = _mm_aesenc_si128(x0, sk[8]);

108
		x1 = _mm_aesenc_si128(x1, sk[8]);

109
		x2 = _mm_aesenc_si128(x2, sk[8]);

110
		x3 = _mm_aesenc_si128(x3, sk[8]);

111
		x0 = _mm_aesenc_si128(x0, sk[9]);

112
		x1 = _mm_aesenc_si128(x1, sk[9]);

113
		x2 = _mm_aesenc_si128(x2, sk[9]);

114
		x3 = _mm_aesenc_si128(x3, sk[9]);

115
		if (num_rounds == 10) {

116
			x0 = _mm_aesenclast_si128(x0, sk[10]);

117
			x1 = _mm_aesenclast_si128(x1, sk[10]);

118
			x2 = _mm_aesenclast_si128(x2, sk[10]);

119
			x3 = _mm_aesenclast_si128(x3, sk[10]);

120
		} else if (num_rounds == 12) {

121
			x0 = _mm_aesenc_si128(x0, sk[10]);

122
			x1 = _mm_aesenc_si128(x1, sk[10]);

123
			x2 = _mm_aesenc_si128(x2, sk[10]);

124
			x3 = _mm_aesenc_si128(x3, sk[10]);

125
			x0 = _mm_aesenc_si128(x0, sk[11]);

126
			x1 = _mm_aesenc_si128(x1, sk[11]);

127
			x2 = _mm_aesenc_si128(x2, sk[11]);

128
			x3 = _mm_aesenc_si128(x3, sk[11]);

129
			x0 = _mm_aesenclast_si128(x0, sk[12]);

130
			x1 = _mm_aesenclast_si128(x1, sk[12]);

131
			x2 = _mm_aesenclast_si128(x2, sk[12]);

132
			x3 = _mm_aesenclast_si128(x3, sk[12]);

133
		} else {

134
			x0 = _mm_aesenc_si128(x0, sk[10]);

135
			x1 = _mm_aesenc_si128(x1, sk[10]);

136
			x2 = _mm_aesenc_si128(x2, sk[10]);

137
			x3 = _mm_aesenc_si128(x3, sk[10]);

138
			x0 = _mm_aesenc_si128(x0, sk[11]);

139
			x1 = _mm_aesenc_si128(x1, sk[11]);

140
			x2 = _mm_aesenc_si128(x2, sk[11]);

141
			x3 = _mm_aesenc_si128(x3, sk[11]);

142
			x0 = _mm_aesenc_si128(x0, sk[12]);

143
			x1 = _mm_aesenc_si128(x1, sk[12]);

144
			x2 = _mm_aesenc_si128(x2, sk[12]);

145
			x3 = _mm_aesenc_si128(x3, sk[12]);

146
			x0 = _mm_aesenc_si128(x0, sk[13]);

147
			x1 = _mm_aesenc_si128(x1, sk[13]);

148
			x2 = _mm_aesenc_si128(x2, sk[13]);

149
			x3 = _mm_aesenc_si128(x3, sk[13]);

150
			x0 = _mm_aesenclast_si128(x0, sk[14]);

151
			x1 = _mm_aesenclast_si128(x1, sk[14]);

152
			x2 = _mm_aesenclast_si128(x2, sk[14]);

153
			x3 = _mm_aesenclast_si128(x3, sk[14]);

154
		}

155
		if (len >= 64) {

156
			x0 = _mm_xor_si128(x0,

157
				_mm_loadu_si128((void *)(buf +  0)));

158
			x1 = _mm_xor_si128(x1,

159
				_mm_loadu_si128((void *)(buf + 16)));

160
			x2 = _mm_xor_si128(x2,

161
				_mm_loadu_si128((void *)(buf + 32)));

162
			x3 = _mm_xor_si128(x3,

163
				_mm_loadu_si128((void *)(buf + 48)));

164
			_mm_storeu_si128((void *)(buf +  0), x0);

165
			_mm_storeu_si128((void *)(buf + 16), x1);

166
			_mm_storeu_si128((void *)(buf + 32), x2);

167
			_mm_storeu_si128((void *)(buf + 48), x3);

168
			buf += 64;

169
			len -= 64;

170
			cc += 4;

171
		} else {

172
			unsigned char tmp[64];

173


174
			_mm_storeu_si128((void *)(tmp +  0), x0);

175
			_mm_storeu_si128((void *)(tmp + 16), x1);

176
			_mm_storeu_si128((void *)(tmp + 32), x2);

177
			_mm_storeu_si128((void *)(tmp + 48), x3);

178
			for (u = 0; u < len; u ++) {

179
				buf[u] ^= tmp[u];

180
			}

181
			cc += (uint32_t)len >> 4;

182
			break;

183
		}

184
	}

185
	return cc;

186
}

187


188
BR_TARGETS_X86_DOWN

189


190
/* see bearssl_block.h */

191
const br_block_ctr_class br_aes_x86ni_ctr_vtable = {

192
	sizeof(br_aes_x86ni_ctr_keys),

193
	16,

194
	4,

195
	(void (*)(const br_block_ctr_class **, const void *, size_t))

196
		&br_aes_x86ni_ctr_init,

197
	(uint32_t (*)(const br_block_ctr_class *const *,

198
		const void *, uint32_t, void *, size_t))

199
		&br_aes_x86ni_ctr_run

200
};

201


202
#else

203


204
/* see bearssl_block.h */

205
const br_block_ctr_class *

206
br_aes_x86ni_ctr_get_vtable(void)

207
{

208
	return NULL;

209
}

210


211
#endif

212


213