vSMC  v3.0.0
Scalable Monte Carlo
aes_ni.hpp
Go to the documentation of this file.
1 //============================================================================
2 // vSMC/include/vsmc/rng/aes_ni.hpp
3 //----------------------------------------------------------------------------
4 // vSMC: Scalable Monte Carlo
5 //----------------------------------------------------------------------------
6 // Copyright (c) 2013-2016, Yan Zhou
7 // All rights reserved.
8 //
9 // Redistribution and use in source and binary forms, with or without
10 // modification, are permitted provided that the following conditions are met:
11 //
12 // Redistributions of source code must retain the above copyright notice,
13 // this list of conditions and the following disclaimer.
14 //
15 // Redistributions in binary form must reproduce the above copyright notice,
16 // this list of conditions and the following disclaimer in the documentation
17 // and/or other materials provided with the distribution.
18 //
19 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
20 // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 // ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
23 // LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 // CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 // SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 // CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 // POSSIBILITY OF SUCH DAMAGE.
30 //============================================================================
31 
32 #ifndef VSMC_RNG_AES_NI_HPP
33 #define VSMC_RNG_AES_NI_HPP
34 
35 #include <vsmc/rng/internal/common.hpp>
36 #include <vsmc/rng/counter.hpp>
37 #include <wmmintrin.h>
38 
39 #ifdef VSMC_GCC
40 #if __GNUC__ >= 6
41 #pragma GCC diagnostic push
42 #pragma GCC diagnostic ignored "-Wignored-attributes"
43 #endif
44 #endif
45 
46 #define VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(N, val) \
47  template <> \
48  inline __m128i AESKeyGenAssist<N>(const __m128i &xmm) \
49  { \
50  return _mm_aeskeygenassist_si128(xmm, val); \
51  }
52 
54 #ifndef VSMC_RNG_AES128_ROUNDS
55 #define VSMC_RNG_AES128_ROUNDS 10
56 #endif
57 
59 #ifndef VSMC_RNG_AES192_ROUNDS
60 #define VSMC_RNG_AES192_ROUNDS 12
61 #endif
62 
64 #ifndef VSMC_RNG_AES256_ROUNDS
65 #define VSMC_RNG_AES256_ROUNDS 14
66 #endif
67 
70 #ifndef VSMC_RNG_ARS_ROUNDS
71 #define VSMC_RNG_ARS_ROUNDS 5
72 #endif
73 
76 #ifndef VSMC_RNG_AES_NI_BLOCKS
77 #define VSMC_RNG_AES_NI_BLOCKS 8
78 #endif
79 
80 namespace vsmc
81 {
82 
85 template <typename KeySeqType, std::size_t Rounds, std::size_t Blocks>
86 class AESNIGenerator
87 {
88  static_assert(
89  Rounds != 0, "**AESNIGenerator** USED WITH ROUNDS EQUAL TO ZERO");
90 
91  static_assert(
92  Blocks != 0, "**AESNIGenerator** USED WITH Blocks EQUAL TO ZERO");
93 
94  public:
95  using ctr_type = std::array<std::uint64_t, 2>;
96  using key_type = typename KeySeqType::key_type;
97 
98  static constexpr std::size_t size() { return Blocks * sizeof(__m128i); }
99 
100  void reset(const key_type &key) { key_seq_.reset(key); }
101 
102  void enc(const ctr_type &ctr, ctr_type &buffer) const
103  {
104  union {
105  std::array<__m128i, 1> state;
106  ctr_type result;
107  } buf;
108 
109  std::array<__m128i, Rounds + 1> rk_tmp;
110  const std::array<__m128i, Rounds + 1> &rk = key_seq_(rk_tmp);
111 
112  buf.result = ctr;
113  enc(buf.state, rk);
114  buffer = buf.result;
115  }
116 
117  template <typename ResultType>
118  void operator()(ctr_type &ctr,
119  std::array<ResultType, size() / sizeof(ResultType)> &buffer) const
120  {
121  union {
122  std::array<__m128i, Blocks> state;
123  std::array<ctr_type, Blocks> ctr_block;
124  std::array<ResultType, size() / sizeof(ResultType)> result;
125  } buf;
126 
127  std::array<__m128i, Rounds + 1> rk_tmp;
128  const std::array<__m128i, Rounds + 1> &rk = key_seq_(rk_tmp);
129 
130  increment(ctr, buf.ctr_block);
131  enc(buf.state, rk);
132  buffer = buf.result;
133  }
134 
135  template <typename ResultType>
136  void operator()(ctr_type &ctr, std::size_t n,
137  std::array<ResultType, size() / sizeof(ResultType)> *buffer) const
138  {
139  union {
140  std::array<__m128i, Blocks> state;
141  std::array<ctr_type, Blocks> ctr_block;
142  std::array<ResultType, size() / sizeof(ResultType)> result;
143  } buf;
144 
145  std::array<__m128i, Rounds + 1> rk_tmp;
146  const std::array<__m128i, Rounds + 1> &rk = key_seq_(rk_tmp);
147 
148  for (std::size_t i = 0; i != n; ++i) {
149  increment(ctr, buf.ctr_block);
150  enc(buf.state, rk);
151  buffer[i] = buf.result;
152  }
153  }
154 
155  friend bool operator==(
156  const AESNIGenerator<KeySeqType, Rounds, Blocks> &gen1,
157  const AESNIGenerator<KeySeqType, Rounds, Blocks> &gen2)
158  {
159  return gen1.key_seq_ == gen2.key_seq_;
160  }
161 
162  friend bool operator!=(
163  const AESNIGenerator<KeySeqType, Rounds, Blocks> &gen1,
164  const AESNIGenerator<KeySeqType, Rounds, Blocks> &gen2)
165  {
166  return !(gen1 == gen2);
167  }
168 
169  template <typename CharT, typename Traits>
170  friend std::basic_ostream<CharT, Traits> &operator<<(
171  std::basic_ostream<CharT, Traits> &os,
172  const AESNIGenerator<KeySeqType, Rounds, Blocks> &gen)
173  {
174  if (!os)
175  return os;
176 
177  os << gen.key_seq_;
178 
179  return os;
180  }
181 
182  template <typename CharT, typename Traits>
183  friend std::basic_istream<CharT, Traits> &operator>>(
184  std::basic_istream<CharT, Traits> &is,
185  AESNIGenerator<KeySeqType, Rounds, Blocks> &gen)
186  {
187  if (!is)
188  return is;
189 
190  AESNIGenerator<KeySeqType, Rounds, Blocks> gen_tmp;
191  is >> std::ws >> gen_tmp.key_seq_;
192 
193  if (is)
194  gen = std::move(gen_tmp);
195 
196  return is;
197  }
198 
199  private:
200  KeySeqType key_seq_;
201 
202  template <std::size_t K, std::size_t Rp1>
203  void enc(std::array<__m128i, K> &state,
204  const std::array<__m128i, Rp1> &rk) const
205  {
206  enc_first(state, rk);
207  enc_round<1>(state, rk, std::integral_constant<bool, 2 < Rp1>());
208  enc_last(state, rk);
209  }
210 
211  template <std::size_t K, std::size_t Rp1>
212  void enc_first(std::array<__m128i, K> &state,
213  const std::array<__m128i, Rp1> &rk) const
214  {
215  enc_first<0>(state, rk, std::true_type());
216  }
217 
218  template <std::size_t, std::size_t K, std::size_t Rp1>
219  void enc_first(std::array<__m128i, K> &, const std::array<__m128i, Rp1> &,
220  std::false_type) const
221  {
222  }
223 
224  template <std::size_t B, std::size_t K, std::size_t Rp1>
225  void enc_first(std::array<__m128i, K> &state,
226  const std::array<__m128i, Rp1> &rk, std::true_type) const
227  {
228  std::get<B>(state) =
229  _mm_xor_si128(std::get<B>(state), std::get<0>(rk));
230  enc_first<B + 1>(state, rk, std::integral_constant<bool, B + 1 < K>());
231  }
232 
233  template <std::size_t, std::size_t K, std::size_t Rp1>
234  void enc_round(std::array<__m128i, K> &, const std::array<__m128i, Rp1> &,
235  std::false_type) const
236  {
237  }
238 
239  template <std::size_t N, std::size_t K, std::size_t Rp1>
240  void enc_round(std::array<__m128i, K> &state,
241  const std::array<__m128i, Rp1> &rk, std::true_type) const
242  {
243  enc_round_block<0, N>(state, rk, std::true_type());
244  enc_round<N + 1>(
245  state, rk, std::integral_constant<bool, N + 2 < Rp1>());
246  }
247 
248  template <std::size_t, std::size_t, std::size_t K, std::size_t Rp1>
249  void enc_round_block(std::array<__m128i, K> &,
250  const std::array<__m128i, Rp1> &, std::false_type) const
251  {
252  }
253 
254  template <std::size_t B, std::size_t N, std::size_t K, std::size_t Rp1>
255  void enc_round_block(std::array<__m128i, K> &state,
256  const std::array<__m128i, Rp1> &rk, std::true_type) const
257 
258  {
259  std::get<B>(state) =
260  _mm_aesenc_si128(std::get<B>(state), std::get<N>(rk));
261  enc_round_block<B + 1, N>(
262  state, rk, std::integral_constant<bool, B + 1 < K>());
263  }
264 
265  template <std::size_t K, std::size_t Rp1>
266  void enc_last(std::array<__m128i, K> &state,
267  const std::array<__m128i, Rp1> &rk) const
268  {
269  enc_last<0>(state, rk, std::true_type());
270  }
271 
272  template <std::size_t, std::size_t K, std::size_t Rp1>
273  void enc_last(std::array<__m128i, K> &, const std::array<__m128i, Rp1> &,
274  std::false_type) const
275  {
276  }
277 
278  template <std::size_t B, std::size_t K, std::size_t Rp1>
279  void enc_last(std::array<__m128i, K> &state,
280  const std::array<__m128i, Rp1> &rk, std::true_type) const
281  {
282  std::get<B>(state) =
283  _mm_aesenclast_si128(std::get<B>(state), std::get<Rp1 - 1>(rk));
284  enc_last<B + 1>(state, rk, std::integral_constant<bool, B + 1 < K>());
285  }
286 }; // class AESNIGenerator
287 
290 template <typename ResultType, typename KeySeqType, std::size_t Rounds,
291  std::size_t Blocks>
292 using AESNIEngine =
293  CounterEngine<ResultType, AESNIGenerator<KeySeqType, Rounds, Blocks>>;
294 
295 namespace internal
296 {
297 
298 template <std::size_t>
299 inline __m128i AESKeyGenAssist(const __m128i &);
300 
301 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x00, 0x8D)
302 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x01, 0x01)
303 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x02, 0x02)
304 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x03, 0x04)
305 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x04, 0x08)
306 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x05, 0x10)
307 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x06, 0x20)
308 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x07, 0x40)
309 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x08, 0x80)
310 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x09, 0x1B)
311 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x0A, 0x36)
312 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x0B, 0x6C)
313 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x0C, 0xD8)
314 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x0D, 0xAB)
315 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x0E, 0x4D)
316 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x0F, 0x9A)
317 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x10, 0x2F)
318 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x11, 0x5E)
319 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x12, 0xBC)
320 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x13, 0x63)
321 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x14, 0xC6)
322 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x15, 0x97)
323 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x16, 0x35)
324 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x17, 0x6A)
325 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x18, 0xD4)
326 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x19, 0xB3)
327 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x1A, 0x7D)
328 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x1B, 0xFA)
329 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x1C, 0xEF)
330 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x1D, 0xC5)
331 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x1E, 0x91)
332 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x1F, 0x39)
333 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x20, 0x72)
334 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x21, 0xE4)
335 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x22, 0xD3)
336 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x23, 0xBD)
337 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x24, 0x61)
338 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x25, 0xC2)
339 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x26, 0x9F)
340 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x27, 0x25)
341 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x28, 0x4A)
342 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x29, 0x94)
343 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x2A, 0x33)
344 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x2B, 0x66)
345 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x2C, 0xCC)
346 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x2D, 0x83)
347 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x2E, 0x1D)
348 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x2F, 0x3A)
349 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x30, 0x74)
350 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x31, 0xE8)
351 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x32, 0xCB)
352 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x33, 0x8D)
353 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x34, 0x01)
354 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x35, 0x02)
355 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x36, 0x04)
356 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x37, 0x08)
357 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x38, 0x10)
358 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x39, 0x20)
359 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x3A, 0x40)
360 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x3B, 0x80)
361 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x3C, 0x1B)
362 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x3D, 0x36)
363 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x3E, 0x6C)
364 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x3F, 0xD8)
365 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x40, 0xAB)
366 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x41, 0x4D)
367 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x42, 0x9A)
368 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x43, 0x2F)
369 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x44, 0x5E)
370 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x45, 0xBC)
371 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x46, 0x63)
372 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x47, 0xC6)
373 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x48, 0x97)
374 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x49, 0x35)
375 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x4A, 0x6A)
376 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x4B, 0xD4)
377 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x4C, 0xB3)
378 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x4D, 0x7D)
379 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x4E, 0xFA)
380 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x4F, 0xEF)
381 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x50, 0xC5)
382 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x51, 0x91)
383 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x52, 0x39)
384 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x53, 0x72)
385 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x54, 0xE4)
386 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x55, 0xD3)
387 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x56, 0xBD)
388 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x57, 0x61)
389 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x58, 0xC2)
390 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x59, 0x9F)
391 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x5A, 0x25)
392 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x5B, 0x4A)
393 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x5C, 0x94)
394 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x5D, 0x33)
395 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x5E, 0x66)
396 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x5F, 0xCC)
397 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x60, 0x83)
398 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x61, 0x1D)
399 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x62, 0x3A)
400 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x63, 0x74)
401 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x64, 0xE8)
402 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x65, 0xCB)
403 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x66, 0x8D)
404 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x67, 0x01)
405 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x68, 0x02)
406 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x69, 0x04)
407 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x6A, 0x08)
408 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x6B, 0x10)
409 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x6C, 0x20)
410 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x6D, 0x40)
411 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x6E, 0x80)
412 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x6F, 0x1B)
413 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x70, 0x36)
414 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x71, 0x6C)
415 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x72, 0xD8)
416 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x73, 0xAB)
417 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x74, 0x4D)
418 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x75, 0x9A)
419 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x76, 0x2F)
420 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x77, 0x5E)
421 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x78, 0xBC)
422 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x79, 0x63)
423 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x7A, 0xC6)
424 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x7B, 0x97)
425 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x7C, 0x35)
426 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x7D, 0x6A)
427 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x7E, 0xD4)
428 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x7F, 0xB3)
429 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x80, 0x7D)
430 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x81, 0xFA)
431 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x82, 0xEF)
432 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x83, 0xC5)
433 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x84, 0x91)
434 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x85, 0x39)
435 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x86, 0x72)
436 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x87, 0xE4)
437 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x88, 0xD3)
438 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x89, 0xBD)
439 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x8A, 0x61)
440 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x8B, 0xC2)
441 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x8C, 0x9F)
442 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x8D, 0x25)
443 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x8E, 0x4A)
444 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x8F, 0x94)
445 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x90, 0x33)
446 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x91, 0x66)
447 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x92, 0xCC)
448 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x93, 0x83)
449 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x94, 0x1D)
450 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x95, 0x3A)
451 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x96, 0x74)
452 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x97, 0xE8)
453 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x98, 0xCB)
454 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x99, 0x8D)
455 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x9A, 0x01)
456 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x9B, 0x02)
457 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x9C, 0x04)
458 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x9D, 0x08)
459 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x9E, 0x10)
460 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0x9F, 0x20)
461 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xA0, 0x40)
462 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xA1, 0x80)
463 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xA2, 0x1B)
464 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xA3, 0x36)
465 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xA4, 0x6C)
466 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xA5, 0xD8)
467 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xA6, 0xAB)
468 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xA7, 0x4D)
469 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xA8, 0x9A)
470 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xA9, 0x2F)
471 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xAA, 0x5E)
472 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xAB, 0xBC)
473 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xAC, 0x63)
474 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xAD, 0xC6)
475 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xAE, 0x97)
476 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xAF, 0x35)
477 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xB0, 0x6A)
478 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xB1, 0xD4)
479 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xB2, 0xB3)
480 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xB3, 0x7D)
481 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xB4, 0xFA)
482 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xB5, 0xEF)
483 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xB6, 0xC5)
484 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xB7, 0x91)
485 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xB8, 0x39)
486 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xB9, 0x72)
487 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xBA, 0xE4)
488 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xBB, 0xD3)
489 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xBC, 0xBD)
490 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xBD, 0x61)
491 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xBE, 0xC2)
492 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xBF, 0x9F)
493 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xC0, 0x25)
494 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xC1, 0x4A)
495 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xC2, 0x94)
496 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xC3, 0x33)
497 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xC4, 0x66)
498 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xC5, 0xCC)
499 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xC6, 0x83)
500 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xC7, 0x1D)
501 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xC8, 0x3A)
502 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xC9, 0x74)
503 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xCA, 0xE8)
504 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xCB, 0xCB)
505 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xCC, 0x8D)
506 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xCD, 0x01)
507 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xCE, 0x02)
508 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xCF, 0x04)
509 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xD0, 0x08)
510 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xD1, 0x10)
511 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xD2, 0x20)
512 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xD3, 0x40)
513 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xD4, 0x80)
514 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xD5, 0x1B)
515 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xD6, 0x36)
516 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xD7, 0x6C)
517 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xD8, 0xD8)
518 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xD9, 0xAB)
519 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xDA, 0x4D)
520 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xDB, 0x9A)
521 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xDC, 0x2F)
522 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xDD, 0x5E)
523 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xDE, 0xBC)
524 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xDF, 0x63)
525 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xE0, 0xC6)
526 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xE1, 0x97)
527 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xE2, 0x35)
528 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xE3, 0x6A)
529 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xE4, 0xD4)
530 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xE5, 0xB3)
531 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xE6, 0x7D)
532 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xE7, 0xFA)
533 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xE8, 0xEF)
534 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xE9, 0xC5)
535 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xEA, 0x91)
536 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xEB, 0x39)
537 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xEC, 0x72)
538 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xED, 0xE4)
539 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xEE, 0xD3)
540 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xEF, 0xBD)
541 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xF0, 0x61)
542 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xF1, 0xC2)
543 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xF2, 0x9F)
544 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xF3, 0x25)
545 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xF4, 0x4A)
546 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xF5, 0x94)
547 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xF6, 0x33)
548 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xF7, 0x66)
549 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xF8, 0xCC)
550 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xF9, 0x83)
551 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xFA, 0x1D)
552 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xFB, 0x3A)
553 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xFC, 0x74)
554 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xFD, 0xE8)
555 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xFE, 0xCB)
556 VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(0xFF, 0x8D)
557 
558 template <std::size_t>
559 class ARSWeylConstant;
560 
561 template <>
562 class ARSWeylConstant<0> : public std::integral_constant<std::uint64_t,
563  UINT64_C(0x9E3779B97F4A7C15)>
564 {
565 }; // class ARSWeylConstant
566 
567 template <>
568 class ARSWeylConstant<1> : public std::integral_constant<std::uint64_t,
569  UINT64_C(0xBB67AE8584CAA73B)>
570 {
571 }; // class ARSWeylConstant
572 
573 } // namespace internal
574 
577 class ARSConstants
578 {
579  public:
581  template <std::size_t I>
582  using weyl = internal::ARSWeylConstant<I>;
583 }; // class ARSConstants
584 
585 namespace internal
586 {
587 
588 template <std::size_t Rounds, typename KeySeqGenerator>
589 class AESKeySeq
590 {
591  public:
592  using key_type = typename KeySeqGenerator::key_type;
593 
594  void reset(const key_type &key)
595  {
596  KeySeqGenerator generator;
597  generator(key, key_seq_);
598  }
599 
600  const std::array<__m128i, Rounds + 1> &operator()(
601  std::array<__m128i, Rounds + 1> &) const
602  {
603  return key_seq_;
604  }
605 
606  friend bool operator==(const AESKeySeq<Rounds, KeySeqGenerator> &seq1,
607  const AESKeySeq<Rounds, KeySeqGenerator> &seq2)
608  {
609  alignas(16) std::array<std::uint64_t, 2 * (Rounds + 1)> ks1;
610  alignas(16) std::array<std::uint64_t, 2 * (Rounds + 1)> ks2;
611  std::memcpy(ks1.data(), seq1.key_seq_.data(), 16 * (Rounds + 1));
612  std::memcpy(ks2.data(), seq2.key_seq_.data(), 16 * (Rounds + 1));
613 
614  return ks1 == ks2;
615  }
616 
617  friend bool operator!=(const AESKeySeq<Rounds, KeySeqGenerator> &seq1,
618  const AESKeySeq<Rounds, KeySeqGenerator> &seq2)
619  {
620  return !(seq1 == seq2);
621  }
622 
623  template <typename CharT, typename Traits>
624  friend std::basic_ostream<CharT, Traits> &operator<<(
625  std::basic_ostream<CharT, Traits> &os,
626  const AESKeySeq<Rounds, KeySeqGenerator> &seq)
627  {
628  if (!os)
629  return os;
630 
631  alignas(16) std::array<std::uint64_t, 2 * (Rounds + 1)> ks;
632  std::memcpy(ks.data(), seq.key_seq_.data(), 16 * (Rounds + 1));
633  os << ks;
634 
635  return os;
636  }
637 
638  template <typename CharT, typename Traits>
639  friend std::basic_istream<CharT, Traits> &operator>>(
640  std::basic_istream<CharT, Traits> &is,
641  AESKeySeq<Rounds, KeySeqGenerator> &seq)
642  {
643  if (!is)
644  return is;
645 
646  alignas(16) std::array<std::uint64_t, 2 * (Rounds + 1)> ks;
647  is >> ks;
648  if (is)
649  std::memcpy(seq.key_seq_.data(), ks.data(), 16 * (Rounds + 1));
650 
651  return is;
652  }
653 
654  private:
655  std::array<__m128i, Rounds + 1> key_seq_;
656 }; // class AESKeySeq
657 
658 class AES128KeySeqGenerator
659 {
660  public:
661  using key_type = std::array<std::uint64_t, 2>;
662 
663  template <std::size_t Rp1>
664  void operator()(const key_type &key, std::array<__m128i, Rp1> &rk)
665  {
666  xmm1_ = _mm_loadu_si128(reinterpret_cast<const __m128i *>(key.data()));
667  std::get<0>(rk) = xmm1_;
668  generate_seq<1>(rk, std::integral_constant<bool, 1 < Rp1>());
669  }
670 
671  private:
672  __m128i xmm1_;
673  __m128i xmm2_;
674  __m128i xmm3_;
675 
676  template <std::size_t, std::size_t Rp1>
677  void generate_seq(std::array<__m128i, Rp1> &, std::false_type)
678  {
679  }
680 
681  template <std::size_t N, std::size_t Rp1>
682  void generate_seq(std::array<__m128i, Rp1> &rk, std::true_type)
683  {
684  xmm2_ = AESKeyGenAssist<N % 256>(xmm1_);
685  expand_key();
686  std::get<N>(rk) = xmm1_;
687  generate_seq<N + 1>(rk, std::integral_constant<bool, N + 1 < Rp1>());
688  }
689 
690  void expand_key()
691  {
692  xmm2_ = _mm_shuffle_epi32(xmm2_, 0xFF); // pshufd xmm2, xmm2, 0xFF
693  xmm3_ = _mm_slli_si128(xmm1_, 0x04); // pslldq xmm3, 0x04
694  xmm1_ = _mm_xor_si128(xmm1_, xmm3_); // pxor xmm1, xmm3
695  xmm3_ = _mm_slli_si128(xmm3_, 0x04); // pslldq xmm3, 0x04
696  xmm1_ = _mm_xor_si128(xmm1_, xmm3_); // pxor xmm1, xmm3
697  xmm3_ = _mm_slli_si128(xmm3_, 0x04); // pslldq xmm3, 0x04
698  xmm1_ = _mm_xor_si128(xmm1_, xmm3_); // pxor xmm1, xmm3
699  xmm1_ = _mm_xor_si128(xmm1_, xmm2_); // pxor xmm1, xmm2
700  }
701 }; // class AES128KeySeq
702 
703 class AES192KeySeqGenerator
704 {
705  public:
706  using key_type = std::array<std::uint64_t, 3>;
707 
708  template <std::size_t Rp1>
709  void operator()(const key_type &key, std::array<__m128i, Rp1> &rk)
710  {
711  std::array<std::uint64_t, 2> tmp = {{0, std::get<2>(key)}};
712  xmm1_ = _mm_loadu_si128(reinterpret_cast<const __m128i *>(key.data()));
713  xmm7_ = _mm_loadu_si128(reinterpret_cast<const __m128i *>(tmp.data()));
714  std::get<0>(rk) = xmm1_;
715  std::get<1>(rk) = xmm7_;
716 
717  xmm3_ = _mm_setzero_si128();
718  xmm6_ = _mm_setzero_si128();
719  xmm4_ = _mm_shuffle_epi32(xmm7_, 0x4F); // pshufd xmm4, xmm7, 0x4F
720 
721  std::array<unsigned char, Rp1 * 16 + 16> rk_tmp;
722  generate_seq<1, Rp1>(
723  rk_tmp.data(), std::integral_constant<bool, 24 < Rp1 * 16>());
724  copy_key(
725  rk, rk_tmp.data(), std::integral_constant<bool, 24 < Rp1 * 16>());
726  }
727 
728  private:
729  __m128i xmm1_;
730  __m128i xmm2_;
731  __m128i xmm3_;
732  __m128i xmm4_;
733  __m128i xmm5_;
734  __m128i xmm6_;
735  __m128i xmm7_;
736 
737  template <std::size_t, std::size_t>
738  void generate_seq(unsigned char *, std::false_type)
739  {
740  }
741 
742  template <std::size_t N, std::size_t Rp1>
743  void generate_seq(unsigned char *rk_ptr, std::true_type)
744  {
745  generate_key<N>(rk_ptr);
746  complete_key<N>(
747  rk_ptr, std::integral_constant<bool, N * 24 + 16 < Rp1 * 16>());
748  generate_seq<N + 1, Rp1>(
749  rk_ptr, std::integral_constant<bool, N * 24 + 24 < Rp1 * 16>());
750  }
751 
752  template <std::size_t N>
753  void generate_key(unsigned char *rk_ptr)
754  {
755  // In entry, N * 24 < Rp1 * 16
756  // Required Storage: N * 24 + 16;
757 
758  xmm2_ = AESKeyGenAssist<N % 256>(xmm4_);
759  generate_key_expansion();
760  _mm_storeu_si128(reinterpret_cast<__m128i *>(rk_ptr + N * 24), xmm1_);
761  }
762 
763  template <std::size_t>
764  void complete_key(unsigned char *, std::false_type)
765  {
766  }
767 
768  template <std::size_t N>
769  void complete_key(unsigned char *rk_ptr, std::true_type)
770  {
771  // In entry, N * 24 + 16 < Rp1 * 16
772  // Required storage: N * 24 + 32
773 
774  complete_key_expansion();
775  _mm_storeu_si128(
776  reinterpret_cast<__m128i *>(rk_ptr + N * 24 + 16), xmm7_);
777  }
778 
779  void generate_key_expansion()
780  {
781  xmm2_ = _mm_shuffle_epi32(xmm2_, 0xFF); // pshufd xmm2, xmm2, 0xFF
782  xmm3_ = _mm_castps_si128( // shufps xmm3, xmm1, 0x10
783  _mm_shuffle_ps(
784  _mm_castsi128_ps(xmm3_), _mm_castsi128_ps(xmm1_), 0x10));
785  xmm1_ = _mm_xor_si128(xmm1_, xmm3_); // pxor xmm1, xmm3
786  xmm3_ = _mm_castps_si128(_mm_shuffle_ps( // shufps xmm3, xmm1, 0x10
787  _mm_castsi128_ps(xmm3_), _mm_castsi128_ps(xmm1_), 0x8C));
788  xmm1_ = _mm_xor_si128(xmm1_, xmm3_); // pxor xmm1, xmm3
789  xmm1_ = _mm_xor_si128(xmm1_, xmm2_); // pxor xmm1, xmm2
790  }
791 
792  void complete_key_expansion()
793  {
794  xmm5_ = xmm4_; // movdqa xmm5, xmm4
795  xmm5_ = _mm_slli_si128(xmm5_, 0x04); // pslldq xmm5, 0x04
796  xmm6_ = _mm_castps_si128(_mm_shuffle_ps( // shufps xmm6, xmm1, 0x10
797  _mm_castsi128_ps(xmm6_), _mm_castsi128_ps(xmm1_), 0xF0));
798  xmm6_ = _mm_xor_si128(xmm6_, xmm5_); // pxor xmm6, xmm5
799  xmm4_ = _mm_xor_si128(xmm4_, xmm6_); // pxor xmm4, xmm6
800  xmm7_ = _mm_shuffle_epi32(xmm4_, 0x0E); // pshufd xmm7, xmm4, 0x0E
801  }
802 
803  template <std::size_t Rp1>
804  void copy_key(
805  std::array<__m128i, Rp1> &, const unsigned char *, std::false_type)
806  {
807  }
808 
809  template <std::size_t Rp1>
810  void copy_key(std::array<__m128i, Rp1> &rk, const unsigned char *rk_ptr,
811  std::true_type)
812  {
813  unsigned char *dst = reinterpret_cast<unsigned char *>(rk.data());
814  std::memcpy(dst + 24, rk_ptr + 24, Rp1 * 16 - 24);
815  }
816 }; // class AES192KeySeq
817 
818 class AES256KeySeqGenerator
819 {
820  public:
821  using key_type = std::array<std::uint64_t, 4>;
822 
823  template <std::size_t Rp1>
824  void operator()(const key_type &key, std::array<__m128i, Rp1> &rk)
825  {
826  xmm1_ = _mm_loadu_si128(reinterpret_cast<const __m128i *>(key.data()));
827  xmm3_ =
828  _mm_loadu_si128(reinterpret_cast<const __m128i *>(key.data() + 2));
829  std::get<0>(rk) = xmm1_;
830  std::get<1>(rk) = xmm3_;
831  generate_seq<2>(rk, std::integral_constant<bool, 2 < Rp1>());
832  }
833 
834  private:
835  __m128i xmm1_;
836  __m128i xmm2_;
837  __m128i xmm3_;
838  __m128i xmm4_;
839 
840  template <std::size_t, std::size_t Rp1>
841  void generate_seq(std::array<__m128i, Rp1> &, std::false_type)
842  {
843  }
844 
845  template <std::size_t N, std::size_t Rp1>
846  void generate_seq(std::array<__m128i, Rp1> &rk, std::true_type)
847  {
848  generate_key<N>(rk, std::integral_constant<bool, N % 2 == 0>());
849  generate_seq<N + 1>(rk, std::integral_constant<bool, N + 1 < Rp1>());
850  }
851 
852  template <std::size_t N, std::size_t Rp1>
853  void generate_key(std::array<__m128i, Rp1> &rk, std::true_type)
854  {
855  xmm2_ = AESKeyGenAssist<(N / 2) % 256>(xmm3_);
856  expand_key(std::true_type());
857  std::get<N>(rk) = xmm1_;
858  }
859 
860  template <std::size_t N, std::size_t Rp1>
861  void generate_key(std::array<__m128i, Rp1> &rk, std::false_type)
862  {
863  xmm4_ = _mm_aeskeygenassist_si128(xmm1_, 0);
864  expand_key(std::false_type());
865  std::get<N>(rk) = xmm3_;
866  }
867 
868  void expand_key(std::true_type)
869  {
870  xmm2_ = _mm_shuffle_epi32(xmm2_, 0xFF); // pshufd xmm2, xmm2, 0xFF
871  xmm4_ = _mm_slli_si128(xmm1_, 0x04); // pslldq xmm4, 0x04
872  xmm1_ = _mm_xor_si128(xmm1_, xmm4_); // pxor xmm1, xmm4
873  xmm4_ = _mm_slli_si128(xmm4_, 0x04); // pslldq xmm4, 0x04
874  xmm1_ = _mm_xor_si128(xmm1_, xmm4_); // pxor xmm1, xmm4
875  xmm4_ = _mm_slli_si128(xmm4_, 0x04); // pslldq xmm4, 0x04
876  xmm1_ = _mm_xor_si128(xmm1_, xmm4_); // pxor xmm1, xmm4
877  xmm1_ = _mm_xor_si128(xmm1_, xmm2_); // pxor xmm1, xmm2
878  }
879 
880  void expand_key(std::false_type)
881  {
882  xmm2_ = _mm_shuffle_epi32(xmm4_, 0xAA); // pshufd xmm2, xmm4, 0xAA
883  xmm4_ = _mm_slli_si128(xmm3_, 0x04); // pslldq xmm4, 0x04
884  xmm3_ = _mm_xor_si128(xmm3_, xmm4_); // pxor xmm3, xmm4
885  xmm4_ = _mm_slli_si128(xmm4_, 0x04); // pslldq xmm4, 0x04
886  xmm3_ = _mm_xor_si128(xmm3_, xmm4_); // pxor xmm3, xmm4
887  xmm4_ = _mm_slli_si128(xmm4_, 0x04); // pslldq xmm4, 0x04
888  xmm3_ = _mm_xor_si128(xmm3_, xmm4_); // pxor xmm3, xmm4
889  xmm3_ = _mm_xor_si128(xmm3_, xmm2_); // pxor xmm1, xmm2
890  }
891 }; // class AESKey256
892 
893 template <typename Constants>
894 class ARSKeySeqImpl
895 {
896  template <std::size_t I>
897  using weyl = typename Constants::template weyl<I>;
898 
899  public:
900  using key_type = std::array<std::uint64_t, 2>;
901 
902  ARSKeySeqImpl() : key_(_mm_setzero_si128()) {}
903 
904  void reset(const key_type &key)
905  {
906  key_ = _mm_loadu_si128(reinterpret_cast<const __m128i *>(key.data()));
907  }
908 
909  template <std::size_t Rp1>
910  const std::array<__m128i, Rp1> &operator()(
911  std::array<__m128i, Rp1> &rk) const
912  {
913  std::array<std::uint64_t, 2> tmp = {{weyl<0>::value, weyl<1>::value}};
914  __m128i w =
915  _mm_loadu_si128(reinterpret_cast<const __m128i *>(tmp.data()));
916  std::get<0>(rk) = key_;
917  generate<1>(rk, w, std::integral_constant<bool, 1 < Rp1>());
918 
919  return rk;
920  }
921 
922  friend bool operator==(
923  const ARSKeySeqImpl &seq1, const ARSKeySeqImpl &seq2)
924  {
925  alignas(16) key_type k1;
926  alignas(16) key_type k2;
927  _mm_store_si128(reinterpret_cast<__m128i *>(k1.data()), seq1.key_);
928  _mm_store_si128(reinterpret_cast<__m128i *>(k2.data()), seq2.key_);
929 
930  return k1 == k2;
931  }
932 
933  friend bool operator!=(
934  const ARSKeySeqImpl &seq1, const ARSKeySeqImpl &seq2)
935  {
936  return !(seq1 == seq2);
937  }
938 
939  template <typename CharT, typename Traits>
940  friend std::basic_ostream<CharT, Traits> &operator<<(
941  std::basic_ostream<CharT, Traits> &os, const ARSKeySeqImpl &seq)
942  {
943  if (!os)
944  return os;
945 
946  alignas(16) key_type k;
947  _mm_store_si128(reinterpret_cast<__m128i *>(k.data()), seq.key_);
948  os << k;
949 
950  return os;
951  }
952 
953  template <typename CharT, typename Traits>
954  friend std::basic_istream<CharT, Traits> &operator>>(
955  std::basic_istream<CharT, Traits> &is, ARSKeySeqImpl &seq)
956  {
957  if (!is)
958  return is;
959 
960  alignas(16) key_type k = {{0}};
961  is >> k;
962  if (is) {
963  seq.key_ =
964  _mm_load_si128(reinterpret_cast<const __m128i *>(k.data()));
965  }
966 
967  return is;
968  }
969 
970  private:
971  template <std::size_t, std::size_t Rp1>
972  void generate(
973  std::array<__m128i, Rp1> &, const __m128i &, std::false_type) const
974  {
975  }
976 
977  template <std::size_t N, std::size_t Rp1>
978  void generate(
979  std::array<__m128i, Rp1> &rk, const __m128i &w, std::true_type) const
980  {
981  std::get<N>(rk) = _mm_add_epi64(std::get<N - 1>(rk), w);
982  generate<N + 1>(rk, w, std::integral_constant<bool, N + 1 < Rp1>());
983  }
984 
985  private:
986  __m128i key_;
987 }; // class ARSKeySeqImpl
988 
989 } // namespace vsmc::internal
990 
993 template <std::size_t Rounds>
994 using AES128KeySeq =
995  internal::AESKeySeq<Rounds, internal::AES128KeySeqGenerator>;
996 
999 template <std::size_t Rounds>
1000 using AES192KeySeq =
1001  internal::AESKeySeq<Rounds, internal::AES192KeySeqGenerator>;
1002 
1005 template <std::size_t Rounds>
1006 using AES256KeySeq =
1007  internal::AESKeySeq<Rounds, internal::AES256KeySeqGenerator>;
1008 
1019 template <typename Constants = ARSConstants>
1020 using ARSKeySeq = internal::ARSKeySeqImpl<Constants>;
1021 
1024 template <typename ResultType, std::size_t Rounds = VSMC_RNG_AES128_ROUNDS,
1025  std::size_t Blocks = VSMC_RNG_AES_NI_BLOCKS>
1026 using AES128Engine =
1027  AESNIEngine<ResultType, AES128KeySeq<Rounds>, Rounds, Blocks>;
1028 
1031 template <typename ResultType, std::size_t Rounds = VSMC_RNG_AES192_ROUNDS,
1032  std::size_t Blocks = VSMC_RNG_AES_NI_BLOCKS>
1033 using AES192Engine =
1034  AESNIEngine<ResultType, AES192KeySeq<Rounds>, Rounds, Blocks>;
1035 
1038 template <typename ResultType, std::size_t Rounds = VSMC_RNG_AES256_ROUNDS,
1039  std::size_t Blocks = VSMC_RNG_AES_NI_BLOCKS>
1040 using AES256Engine =
1041  AESNIEngine<ResultType, AES256KeySeq<Rounds>, Rounds, Blocks>;
1042 
1045 template <typename ResultType, std::size_t Rounds = VSMC_RNG_ARS_ROUNDS,
1046  std::size_t Blocks = VSMC_RNG_AES_NI_BLOCKS,
1047  typename Constants = ARSConstants>
1048 using ARSEngine =
1049  AESNIEngine<ResultType, ARSKeySeq<Constants>, Rounds, Blocks>;
1050 
1053 using AES128x1 = AES128Engine<std::uint32_t, VSMC_RNG_AES128_ROUNDS, 1>;
1054 
1057 using AES128x2 = AES128Engine<std::uint32_t, VSMC_RNG_AES128_ROUNDS, 2>;
1058 
1061 using AES128x4 = AES128Engine<std::uint32_t, VSMC_RNG_AES128_ROUNDS, 4>;
1062 
1065 using AES128x8 = AES128Engine<std::uint32_t, VSMC_RNG_AES128_ROUNDS, 8>;
1066 
1069 using AES128x1_64 = AES128Engine<std::uint64_t, VSMC_RNG_AES128_ROUNDS, 1>;
1070 
1073 using AES128x2_64 = AES128Engine<std::uint64_t, VSMC_RNG_AES128_ROUNDS, 2>;
1074 
1077 using AES128x4_64 = AES128Engine<std::uint64_t, VSMC_RNG_AES128_ROUNDS, 4>;
1078 
1081 using AES128x8_64 = AES128Engine<std::uint64_t, VSMC_RNG_AES128_ROUNDS, 8>;
1082 
1084 using AES128 = AES128Engine<std::uint32_t>;
1085 
1088 using AES128_64 = AES128Engine<std::uint64_t>;
1089 
1092 using AES192x1 = AES192Engine<std::uint32_t, VSMC_RNG_AES192_ROUNDS, 1>;
1093 
1096 using AES192x2 = AES192Engine<std::uint32_t, VSMC_RNG_AES192_ROUNDS, 2>;
1097 
1100 using AES192x4 = AES192Engine<std::uint32_t, VSMC_RNG_AES192_ROUNDS, 4>;
1101 
1104 using AES192x8 = AES192Engine<std::uint32_t, VSMC_RNG_AES192_ROUNDS, 8>;
1105 
1108 using AES192x1_64 = AES192Engine<std::uint64_t, VSMC_RNG_AES192_ROUNDS, 1>;
1109 
1112 using AES192x2_64 = AES192Engine<std::uint64_t, VSMC_RNG_AES192_ROUNDS, 2>;
1113 
1116 using AES192x4_64 = AES192Engine<std::uint64_t, VSMC_RNG_AES192_ROUNDS, 4>;
1117 
1120 using AES192x8_64 = AES192Engine<std::uint64_t, VSMC_RNG_AES192_ROUNDS, 8>;
1121 
1124 using AES192 = AES192Engine<std::uint32_t>;
1125 
1128 using AES192_64 = AES192Engine<std::uint64_t>;
1129 
1132 using AES256x1 = AES256Engine<std::uint32_t, VSMC_RNG_AES256_ROUNDS, 1>;
1133 
1136 using AES256x2 = AES256Engine<std::uint32_t, VSMC_RNG_AES256_ROUNDS, 2>;
1137 
1140 using AES256x4 = AES256Engine<std::uint32_t, VSMC_RNG_AES256_ROUNDS, 4>;
1141 
1144 using AES256x8 = AES256Engine<std::uint32_t, VSMC_RNG_AES256_ROUNDS, 8>;
1145 
1148 using AES256x1_64 = AES256Engine<std::uint64_t, VSMC_RNG_AES256_ROUNDS, 1>;
1149 
1152 using AES256x2_64 = AES256Engine<std::uint64_t, VSMC_RNG_AES256_ROUNDS, 2>;
1153 
1156 using AES256x4_64 = AES256Engine<std::uint64_t, VSMC_RNG_AES256_ROUNDS, 4>;
1157 
1160 using AES256x8_64 = AES256Engine<std::uint64_t, VSMC_RNG_AES256_ROUNDS, 8>;
1161 
1164 using AES256 = AES256Engine<std::uint32_t>;
1165 
1168 using AES256_64 = AES256Engine<std::uint64_t>;
1169 
1173 using ARSx1 = ARSEngine<std::uint32_t, VSMC_RNG_ARS_ROUNDS, 1>;
1174 
1178 using ARSx2 = ARSEngine<std::uint32_t, VSMC_RNG_ARS_ROUNDS, 2>;
1179 
1183 using ARSx4 = ARSEngine<std::uint32_t, VSMC_RNG_ARS_ROUNDS, 4>;
1184 
1188 using ARSx8 = ARSEngine<std::uint32_t, VSMC_RNG_ARS_ROUNDS, 8>;
1189 
1193 using ARSx1_64 = ARSEngine<std::uint64_t, VSMC_RNG_ARS_ROUNDS, 1>;
1194 
1198 using ARSx2_64 = ARSEngine<std::uint64_t, VSMC_RNG_ARS_ROUNDS, 2>;
1199 
1203 using ARSx4_64 = ARSEngine<std::uint64_t, VSMC_RNG_ARS_ROUNDS, 4>;
1204 
1208 using ARSx8_64 = ARSEngine<std::uint64_t, VSMC_RNG_ARS_ROUNDS, 8>;
1209 
1213 using ARS = ARSEngine<std::uint32_t>;
1214 
1218 using ARS_64 = ARSEngine<std::uint64_t>;
1219 
1220 } // namespace vsmc
1221 
1222 #ifdef VSMC_GCC
1223 #if __GNUC__ >= 6
1224 #pragma GCC diagnostic pop
1225 #endif
1226 #endif
1227 
1228 #endif // VSMC_RNG_AES_NI_HPP
UINT64_C
#define UINT64_C(x)
Definition: opencl.h:44
vsmc
Definition: monitor.hpp:48
vsmc::AESNIGenerator::enc
void enc(const ctr_type &ctr, ctr_type &buffer) const
Definition: aes_ni.hpp:102
vsmc::internal::AES192KeySeqGenerator::operator()
void operator()(const key_type &key, std::array< __m128i, Rp1 > &rk)
Definition: aes_ni.hpp:709
VSMC_RNG_AES128_ROUNDS
#define VSMC_RNG_AES128_ROUNDS
AES-128 default rounds.
Definition: aes_ni.hpp:55
vsmc::AESNIGenerator::operator>>
friend std::basic_istream< CharT, Traits > & operator>>(std::basic_istream< CharT, Traits > &is, AESNIGenerator< KeySeqType, Rounds, Blocks > &gen)
Definition: aes_ni.hpp:183
vsmc::internal::AESKeySeq::operator()
const std::array< __m128i, Rounds+1 > & operator()(std::array< __m128i, Rounds+1 > &) const
Definition: aes_ni.hpp:600
vsmc::AESNIGenerator::ctr_type
std::array< std::uint64_t, 2 > ctr_type
Definition: aes_ni.hpp:95
VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST
#define VSMC_DEFINE_RNG_AES_KEY_GEN_ASSIST(N, val)
Definition: aes_ni.hpp:46
vsmc::increment
void increment(std::array< T, K > &ctr)
Increment a counter by one.
Definition: counter.hpp:62
vsmc::internal::AESKeyGenAssist
__m128i AESKeyGenAssist(const __m128i &)
uint64_t
ulong uint64_t
Definition: opencl.h:42
vsmc::internal::AESKeySeq::operator==
friend bool operator==(const AESKeySeq< Rounds, KeySeqGenerator > &seq1, const AESKeySeq< Rounds, KeySeqGenerator > &seq2)
Definition: aes_ni.hpp:606
std
STL namespace.
vsmc::CounterEngine
Counter based RNG engine.
Definition: counter.hpp:187
vsmc::internal::AES128KeySeqGenerator::operator()
void operator()(const key_type &key, std::array< __m128i, Rp1 > &rk)
Definition: aes_ni.hpp:664
VSMC_RNG_AES192_ROUNDS
#define VSMC_RNG_AES192_ROUNDS
AES-192 default rounds.
Definition: aes_ni.hpp:60
vsmc::AESNIGenerator::operator()
void operator()(ctr_type &ctr, std::size_t n, std::array< ResultType, size()/sizeof(ResultType)> *buffer) const
Definition: aes_ni.hpp:136
vsmc::ARSConstants
Default ARS constants.
Definition: aes_ni.hpp:577
vsmc::internal::ARSKeySeqImpl::operator()
const std::array< __m128i, Rp1 > & operator()(std::array< __m128i, Rp1 > &rk) const
Definition: aes_ni.hpp:910
vsmc::AESNIGenerator::operator<<
friend std::basic_ostream< CharT, Traits > & operator<<(std::basic_ostream< CharT, Traits > &os, const AESNIGenerator< KeySeqType, Rounds, Blocks > &gen)
Definition: aes_ni.hpp:170
vsmc::internal::ARSKeySeqImpl::operator<<
friend std::basic_ostream< CharT, Traits > & operator<<(std::basic_ostream< CharT, Traits > &os, const ARSKeySeqImpl &seq)
Definition: aes_ni.hpp:940
VSMC_RNG_AES256_ROUNDS
#define VSMC_RNG_AES256_ROUNDS
AES-256 default rounds.
Definition: aes_ni.hpp:65
vsmc::internal::AESKeySeq::operator!=
friend bool operator!=(const AESKeySeq< Rounds, KeySeqGenerator > &seq1, const AESKeySeq< Rounds, KeySeqGenerator > &seq2)
Definition: aes_ni.hpp:617
vsmc::internal::AES256KeySeqGenerator::key_type
std::array< std::uint64_t, 4 > key_type
Definition: aes_ni.hpp:821
vsmc::AESNIGenerator::reset
void reset(const key_type &key)
Definition: aes_ni.hpp:100
VSMC_RNG_ARS_ROUNDS
#define VSMC_RNG_ARS_ROUNDS
ARSEngine default rounds.
Definition: aes_ni.hpp:71
vsmc::internal::AESKeySeq::operator<<
friend std::basic_ostream< CharT, Traits > & operator<<(std::basic_ostream< CharT, Traits > &os, const AESKeySeq< Rounds, KeySeqGenerator > &seq)
Definition: aes_ni.hpp:624
vsmc::AESNIGenerator::operator==
friend bool operator==(const AESNIGenerator< KeySeqType, Rounds, Blocks > &gen1, const AESNIGenerator< KeySeqType, Rounds, Blocks > &gen2)
Definition: aes_ni.hpp:155
vsmc::internal::ARSKeySeqImpl::reset
void reset(const key_type &key)
Definition: aes_ni.hpp:904
vsmc::internal::AES192KeySeqGenerator::key_type
std::array< std::uint64_t, 3 > key_type
Definition: aes_ni.hpp:706
vsmc::AESNIGenerator::operator!=
friend bool operator!=(const AESNIGenerator< KeySeqType, Rounds, Blocks > &gen1, const AESNIGenerator< KeySeqType, Rounds, Blocks > &gen2)
Definition: aes_ni.hpp:162
vsmc::internal::AESKeySeq::reset
void reset(const key_type &key)
Definition: aes_ni.hpp:594
vsmc::AESNIGenerator::operator()
void operator()(ctr_type &ctr, std::array< ResultType, size()/sizeof(ResultType)> &buffer) const
Definition: aes_ni.hpp:118
vsmc::internal::ARSKeySeqImpl::operator!=
friend bool operator!=(const ARSKeySeqImpl &seq1, const ARSKeySeqImpl &seq2)
Definition: aes_ni.hpp:933
vsmc::AESNIGenerator::key_type
typename KeySeqType::key_type key_type
Definition: aes_ni.hpp:96
vsmc::internal::ARSKeySeqImpl::operator==
friend bool operator==(const ARSKeySeqImpl &seq1, const ARSKeySeqImpl &seq2)
Definition: aes_ni.hpp:922
vsmc::internal::AES256KeySeqGenerator::operator()
void operator()(const key_type &key, std::array< __m128i, Rp1 > &rk)
Definition: aes_ni.hpp:824
vsmc::internal::AESKeySeq::key_type
typename KeySeqGenerator::key_type key_type
Definition: aes_ni.hpp:592
vsmc::AESNIGenerator::size
static constexpr std::size_t size()
Definition: aes_ni.hpp:98
VSMC_RNG_AES_NI_BLOCKS
#define VSMC_RNG_AES_NI_BLOCKS
AESEngine default blocks.
Definition: aes_ni.hpp:77
vsmc::internal::AES128KeySeqGenerator::key_type
std::array< std::uint64_t, 2 > key_type
Definition: aes_ni.hpp:661
vsmc::internal::AESKeySeq::operator>>
friend std::basic_istream< CharT, Traits > & operator>>(std::basic_istream< CharT, Traits > &is, AESKeySeq< Rounds, KeySeqGenerator > &seq)
Definition: aes_ni.hpp:639
vsmc::internal::ARSKeySeqImpl::operator>>
friend std::basic_istream< CharT, Traits > & operator>>(std::basic_istream< CharT, Traits > &is, ARSKeySeqImpl &seq)
Definition: aes_ni.hpp:954
vsmc::internal::ARSKeySeqImpl::key_type
std::array< std::uint64_t, 2 > key_type
Definition: aes_ni.hpp:900
vsmc::AESNIGenerator
RNG generator using AES-NI instructions.
Definition: aes_ni.hpp:86
Generated by   doxygen 1.8.11