From 1032b5832315186e258b9ef02606429f43f26d0a Mon Sep 17 00:00:00 2001 From: HowJMay Date: Wed, 1 Sep 2021 22:02:08 +0800 Subject: [PATCH] feat: Add SHA3 ARM64 acceleration --- cryptography/sha3/keccakf_arm64.s | 155 +++++++++++++++++++++++++++++ cryptography/sha3/keccakg_arm64.go | 5 + 2 files changed, 160 insertions(+) create mode 100644 cryptography/sha3/keccakf_arm64.s create mode 100644 cryptography/sha3/keccakg_arm64.go diff --git a/cryptography/sha3/keccakf_arm64.s b/cryptography/sha3/keccakf_arm64.s new file mode 100644 index 0000000..43716cd --- /dev/null +++ b/cryptography/sha3/keccakf_arm64.s @@ -0,0 +1,155 @@ +// func keccakf(state *[25]uint64) +TEXT ·keccakf(SB),$0-24 + MOVD state+0(FP), R0 + MOVD $round_consts(SB), R1 // TODO: move this to the place that the const table is used + MOVD $24, R2 // counter for loop + + VLD1.P 16(R0), [V0.D1, V1.D1] + VLD1.P 16(R0), [V2.D1, V3.D1] + VLD1.P 16(R0), [V4.D1, V5.D1] + VLD1.P 16(R0), [V6.D1, V7.D1] + VLD1.P 16(R0), [V8.D1, V9.D1] + VLD1.P 16(R0), [V10.D1, V11.D1] + VLD1.P 16(R0), [V12.D1, V13.D1] + VLD1.P 16(R0), [V14.D1, V15.D1] + VLD1.P 16(R0), [V16.D1, V17.D1] + VLD1.P 16(R0), [V18.D1, V19.D1] + VLD1.P 16(R0), [V20.D1, V21.D1] + VLD1.P 16(R0), [V22.D1, V23.D1] + VLD1 (R0), [V24.D1] + + SUB $192, R0, R0 + +loop: + // Theta + VEOR3 V20.B16, V15.B16, V10.B16, V25.B16 + VEOR3 V21.B16, V16.B16, V11.B16, V26.B16 + VEOR3 V22.B16, V17.B16, V12.B16, V27.B16 + VEOR3 V23.B16, V18.B16, V13.B16, V28.B16 + VEOR3 V24.B16, V19.B16, V14.B16, V29.B16 + VEOR3 V25.B16, V5.B16, V0.B16, V25.B16 + VEOR3 V26.B16, V6.B16, V1.B16, V26.B16 + VEOR3 V27.B16, V7.B16, V2.B16, V27.B16 + VEOR3 V28.B16, V8.B16, V3.B16, V28.B16 + VEOR3 V29.B16, V9.B16, V4.B16, V29.B16 + + VRAX1 V27.D2, V25.D2, V30.D2 // D[1] + VRAX1 V28.D2, V26.D2, V31.D2 // D[2] + VRAX1 V29.D2, V27.D2, V27.D2 // D[3] + VRAX1 V25.D2, V28.D2, V28.D2 // D[4] + VRAX1 V26.D2, V29.D2, V29.D2 // D[0] + + // Theta + Rho + Pi + VXAR $64-1, V30.D2, V1.D2, V25.D2 // C[0] = A[2][0] + + VXAR $64-44, V30.D2, V6.D2, V1.D2 + VXAR $64-20, V28.D2, V9.D2, V6.D2 + VXAR $64-61, V31.D2, V22.D2, V9.D2 + VXAR $64-39, V28.D2, V14.D2, V22.D2 + VXAR $64-18, V29.D2, V20.D2, V14.D2 + + VXAR $64-62, V31.D2, V2.D2, V26.D2 // C[1] = A[4][0] + + VXAR $64-43, V31.D2, V12.D2, V2.D2 + VXAR $64-25, V27.D2, V13.D2, V12.D2 + VXAR $64-8, V28.D2, V19.D2, V13.D2 + VXAR $64-56, V27.D2, V23.D2, V19.D2 + VXAR $64-41, V29.D2, V15.D2, V23.D2 + + VXAR $64-27, V28.D2, V4.D2, V15.D2 + + VXAR $64-14, V28.D2, V24.D2, V28.D2 // D[4] = A[0][4] + VXAR $64-2, V30.D2, V21.D2, V24.D2 + VXAR $64-55, V27.D2, V8.D2, V8.D2 // A[1][3] = A[4][1] + VXAR $64-45, V30.D2, V16.D2, V4.D2 // A[0][4] = A[1][3] + VXAR $64-36, V29.D2, V5.D2, V16.D2 + + VXAR $64-28, V27.D2, V3.D2, V5.D2 + + VEOR V29.B16, V0.B16, V0.B16 + + VXAR $64-21, V27.D2, V18.D2, V27.D2 // D[3] = A[0][3] + VXAR $64-15, V31.D2, V17.D2, V3.D2 // A[0][3] = A[3][3] + VXAR $64-10, V30.D2, V11.D2, V30.D2 // D[1] = A[3][2] + VXAR $64-6, V31.D2, V7.D2, V31.D2 // D[2] = A[2][1] + VXAR $64-3, V29.D2, V10.D2, V29.D2 // D[0] = A[1][2] + + // Chi + Iota + VBCAX V8.B16, V22.B16, V26.B16, V20.B16 // A[1][3] = A[4][1] + VBCAX V22.B16, V23.B16, V8.B16, V21.B16 // A[1][3] = A[4][1] + VBCAX V23.B16, V24.B16, V22.B16, V22.B16 + VBCAX V24.B16, V26.B16, V23.B16, V23.B16 + VBCAX V26.B16, V8.B16, V24.B16, V24.B16 // A[1][3] = A[4][1] + + VLD1R.P 8(R1), [V26.D2] + + VBCAX V3.B16, V19.B16, V30.B16, V17.B16 // A[0][3] = A[3][3] + VBCAX V19.B16, V15.B16, V3.B16, V18.B16 // A[0][3] = A[3][3] + VBCAX V15.B16, V16.B16, V19.B16, V19.B16 + VBCAX V16.B16, V30.B16, V15.B16, V15.B16 + VBCAX V30.B16, V3.B16, V16.B16, V16.B16 // A[0][3] = A[3][3] + + VBCAX V31.B16, V12.B16, V25.B16, V10.B16 + VBCAX V12.B16, V13.B16, V31.B16, V11.B16 + VBCAX V13.B16, V14.B16, V12.B16, V12.B16 + VBCAX V14.B16, V25.B16, V13.B16, V13.B16 + VBCAX V25.B16, V31.B16, V14.B16, V14.B16 + + VBCAX V4.B16, V9.B16, V29.B16, V7.B16 // A[0][4] = A[1][3] + VBCAX V9.B16, V5.B16, V4.B16, V8.B16 // A[0][4] = A[1][3] + VBCAX V5.B16, V6.B16, V9.B16, V9.B16 + VBCAX V6.B16, V29.B16, V5.B16, V5.B16 + VBCAX V29.B16, V4.B16, V6.B16, V6.B16 // A[0][4] = A[1][3] + + VBCAX V28.B16, V0.B16, V27.B16, V3.B16 + VBCAX V0.B16, V1.B16, V28.B16, V4.B16 + VBCAX V1.B16, V2.B16, V0.B16, V0.B16 // iota (chi part) + VBCAX V2.B16, V27.B16, V1.B16, V1.B16 + VBCAX V27.B16, V28.B16, V2.B16, V2.B16 + + VEOR V26.B16, V0.B16, V0.B16 // IOTA + + SUBS $1, R2, R2 + BNE loop + + VST1.P [V0.D1, V1.D1], 16(R0) + VST1.P [V2.D1, V3.D1], 16(R0) + VST1.P [V4.D1, V5.D1], 16(R0) + VST1.P [V6.D1, V7.D1], 16(R0) + VST1.P [V8.D1, V9.D1], 16(R0) + VST1.P [V10.D1, V11.D1], 16(R0) + VST1.P [V12.D1, V13.D1], 16(R0) + VST1.P [V14.D1, V15.D1], 16(R0) + VST1.P [V16.D1, V17.D1], 16(R0) + VST1.P [V18.D1, V19.D1], 16(R0) + VST1.P [V20.D1, V21.D1], 16(R0) + VST1.P [V22.D1, V23.D1], 16(R0) + VST1 [V24.D1], (R0) + + RET + +DATA round_consts+0x00(SB)/8, $0x0000000000000001 +DATA round_consts+0x08(SB)/8, $0x0000000000008082 +DATA round_consts+0x10(SB)/8, $0x800000000000808a +DATA round_consts+0x18(SB)/8, $0x8000000080008000 +DATA round_consts+0x20(SB)/8, $0x000000000000808b +DATA round_consts+0x28(SB)/8, $0x0000000080000001 +DATA round_consts+0x30(SB)/8, $0x8000000080008081 +DATA round_consts+0x38(SB)/8, $0x8000000000008009 +DATA round_consts+0x40(SB)/8, $0x000000000000008a +DATA round_consts+0x48(SB)/8, $0x0000000000000088 +DATA round_consts+0x50(SB)/8, $0x0000000080008009 +DATA round_consts+0x58(SB)/8, $0x000000008000000a +DATA round_consts+0x60(SB)/8, $0x000000008000808b +DATA round_consts+0x68(SB)/8, $0x800000000000008b +DATA round_consts+0x70(SB)/8, $0x8000000000008089 +DATA round_consts+0x78(SB)/8, $0x8000000000008003 +DATA round_consts+0x80(SB)/8, $0x8000000000008002 +DATA round_consts+0x88(SB)/8, $0x8000000000000080 +DATA round_consts+0x90(SB)/8, $0x000000000000800a +DATA round_consts+0x98(SB)/8, $0x800000008000000a +DATA round_consts+0xA0(SB)/8, $0x8000000080008081 +DATA round_consts+0xA8(SB)/8, $0x8000000000008080 +DATA round_consts+0xB0(SB)/8, $0x0000000080000001 +DATA round_consts+0xB8(SB)/8, $0x8000000080008008 +GLOBL round_consts(SB), (8+16), $192 diff --git a/cryptography/sha3/keccakg_arm64.go b/cryptography/sha3/keccakg_arm64.go new file mode 100644 index 0000000..eb6b8b8 --- /dev/null +++ b/cryptography/sha3/keccakg_arm64.go @@ -0,0 +1,5 @@ +// +build arm64 + +package sha3 + +func keccakf(state *[25]uint64)