1 /*===--------------- sha512intrin.h - SHA512 intrinsics -----------------===
2 *
3 * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 * See https://llvm.org/LICENSE.txt for license information.
5 * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 *
7 *===-----------------------------------------------------------------------===
8 */
9
10 #ifndef __IMMINTRIN_H
11 #error "Never use <sha512intrin.h> directly; include <immintrin.h> instead."
12 #endif // __IMMINTRIN_H
13
14 #ifndef __SHA512INTRIN_H
15 #define __SHA512INTRIN_H
16
17 #define __DEFAULT_FN_ATTRS256 \
18 __attribute__((__always_inline__, __nodebug__, __target__("sha512"), \
19 __min_vector_width__(256)))
20
21 /// This intrinisc is one of the two SHA512 message scheduling instructions.
22 /// The intrinsic performs an intermediate calculation for the next four
23 /// SHA512 message qwords. The calculated results are stored in \a dst.
24 ///
25 /// \headerfile <immintrin.h>
26 ///
27 /// \code
28 /// __m256i _mm256_sha512msg1_epi64(__m256i __A, __m128i __B)
29 /// \endcode
30 ///
31 /// This intrinsic corresponds to the \c VSHA512MSG1 instruction.
32 ///
33 /// \param __A
34 /// A 256-bit vector of [4 x long long].
35 /// \param __B
36 /// A 128-bit vector of [2 x long long].
37 /// \returns
38 /// A 256-bit vector of [4 x long long].
39 ///
40 /// \code{.operation}
41 /// DEFINE ROR64(qword, n) {
42 /// count := n % 64
43 /// dest := (qword >> count) | (qword << (64 - count))
44 /// RETURN dest
45 /// }
46 /// DEFINE SHR64(qword, n) {
47 /// RETURN qword >> n
48 /// }
49 /// DEFINE s0(qword):
50 /// RETURN ROR64(qword,1) ^ ROR64(qword, 8) ^ SHR64(qword, 7)
51 /// }
52 /// W[4] := __B.qword[0]
53 /// W[3] := __A.qword[3]
54 /// W[2] := __A.qword[2]
55 /// W[1] := __A.qword[1]
56 /// W[0] := __A.qword[0]
57 /// dst.qword[3] := W[3] + s0(W[4])
58 /// dst.qword[2] := W[2] + s0(W[3])
59 /// dst.qword[1] := W[1] + s0(W[2])
60 /// dst.qword[0] := W[0] + s0(W[1])
61 /// dst[MAX:256] := 0
62 /// \endcode
63 static __inline__ __m256i __DEFAULT_FN_ATTRS256
_mm256_sha512msg1_epi64(__m256i __A,__m128i __B)64 _mm256_sha512msg1_epi64(__m256i __A, __m128i __B) {
65 return (__m256i)__builtin_ia32_vsha512msg1((__v4du)__A, (__v2du)__B);
66 }
67
68 /// This intrinisc is one of the two SHA512 message scheduling instructions.
69 /// The intrinsic performs the final calculation for the next four SHA512
70 /// message qwords. The calculated results are stored in \a dst.
71 ///
72 /// \headerfile <immintrin.h>
73 ///
74 /// \code
75 /// __m256i _mm256_sha512msg2_epi64(__m256i __A, __m256i __B)
76 /// \endcode
77 ///
78 /// This intrinsic corresponds to the \c VSHA512MSG2 instruction.
79 ///
80 /// \param __A
81 /// A 256-bit vector of [4 x long long].
82 /// \param __B
83 /// A 256-bit vector of [4 x long long].
84 /// \returns
85 /// A 256-bit vector of [4 x long long].
86 ///
87 /// \code{.operation}
88 /// DEFINE ROR64(qword, n) {
89 /// count := n % 64
90 /// dest := (qword >> count) | (qword << (64 - count))
91 /// RETURN dest
92 /// }
93 /// DEFINE SHR64(qword, n) {
94 /// RETURN qword >> n
95 /// }
96 /// DEFINE s1(qword) {
97 /// RETURN ROR64(qword,19) ^ ROR64(qword, 61) ^ SHR64(qword, 6)
98 /// }
99 /// W[14] := __B.qword[2]
100 /// W[15] := __B.qword[3]
101 /// W[16] := __A.qword[0] + s1(W[14])
102 /// W[17] := __A.qword[1] + s1(W[15])
103 /// W[18] := __A.qword[2] + s1(W[16])
104 /// W[19] := __A.qword[3] + s1(W[17])
105 /// dst.qword[3] := W[19]
106 /// dst.qword[2] := W[18]
107 /// dst.qword[1] := W[17]
108 /// dst.qword[0] := W[16]
109 /// dst[MAX:256] := 0
110 /// \endcode
111 static __inline__ __m256i __DEFAULT_FN_ATTRS256
_mm256_sha512msg2_epi64(__m256i __A,__m256i __B)112 _mm256_sha512msg2_epi64(__m256i __A, __m256i __B) {
113 return (__m256i)__builtin_ia32_vsha512msg2((__v4du)__A, (__v4du)__B);
114 }
115
116 /// This intrinisc performs two rounds of SHA512 operation using initial SHA512
117 /// state (C,D,G,H) from \a __A, an initial SHA512 state (A,B,E,F) from
118 /// \a __A, and a pre-computed sum of the next two round message qwords and
119 /// the corresponding round constants from \a __C (only the two lower qwords
120 /// of the third operand). The updated SHA512 state (A,B,E,F) is written to
121 /// \a __A, and \a __A can be used as the updated state (C,D,G,H) in later
122 /// rounds.
123 ///
124 /// \headerfile <immintrin.h>
125 ///
126 /// \code
127 /// __m256i _mm256_sha512rnds2_epi64(__m256i __A, __m256i __B, __m128i __C)
128 /// \endcode
129 ///
130 /// This intrinsic corresponds to the \c VSHA512RNDS2 instruction.
131 ///
132 /// \param __A
133 /// A 256-bit vector of [4 x long long].
134 /// \param __B
135 /// A 256-bit vector of [4 x long long].
136 /// \param __C
137 /// A 128-bit vector of [2 x long long].
138 /// \returns
139 /// A 256-bit vector of [4 x long long].
140 ///
141 /// \code{.operation}
142 /// DEFINE ROR64(qword, n) {
143 /// count := n % 64
144 /// dest := (qword >> count) | (qword << (64 - count))
145 /// RETURN dest
146 /// }
147 /// DEFINE SHR64(qword, n) {
148 /// RETURN qword >> n
149 /// }
150 /// DEFINE cap_sigma0(qword) {
151 /// RETURN ROR64(qword,28) ^ ROR64(qword, 34) ^ ROR64(qword, 39)
152 /// }
153 /// DEFINE cap_sigma1(qword) {
154 /// RETURN ROR64(qword,14) ^ ROR64(qword, 18) ^ ROR64(qword, 41)
155 /// }
156 /// DEFINE MAJ(a,b,c) {
157 /// RETURN (a & b) ^ (a & c) ^ (b & c)
158 /// }
159 /// DEFINE CH(e,f,g) {
160 /// RETURN (e & f) ^ (g & ~e)
161 /// }
162 /// A[0] := __B.qword[3]
163 /// B[0] := __B.qword[2]
164 /// C[0] := __C.qword[3]
165 /// D[0] := __C.qword[2]
166 /// E[0] := __B.qword[1]
167 /// F[0] := __B.qword[0]
168 /// G[0] := __C.qword[1]
169 /// H[0] := __C.qword[0]
170 /// WK[0]:= __A.qword[0]
171 /// WK[1]:= __A.qword[1]
172 /// FOR i := 0 to 1:
173 /// A[i+1] := CH(E[i], F[i], G[i]) +
174 /// cap_sigma1(E[i]) + WK[i] + H[i] +
175 /// MAJ(A[i], B[i], C[i]) +
176 /// cap_sigma0(A[i])
177 /// B[i+1] := A[i]
178 /// C[i+1] := B[i]
179 /// D[i+1] := C[i]
180 /// E[i+1] := CH(E[i], F[i], G[i]) +
181 /// cap_sigma1(E[i]) + WK[i] + H[i] + D[i]
182 /// F[i+1] := E[i]
183 /// G[i+1] := F[i]
184 /// H[i+1] := G[i]
185 /// ENDFOR
186 /// dst.qword[3] := A[2]
187 /// dst.qword[2] := B[2]
188 /// dst.qword[1] := E[2]
189 /// dst.qword[0] := F[2]
190 /// dst[MAX:256] := 0
191 /// \endcode
192 static __inline__ __m256i __DEFAULT_FN_ATTRS256
_mm256_sha512rnds2_epi64(__m256i __A,__m256i __B,__m128i __C)193 _mm256_sha512rnds2_epi64(__m256i __A, __m256i __B, __m128i __C) {
194 return (__m256i)__builtin_ia32_vsha512rnds2((__v4du)__A, (__v4du)__B,
195 (__v2du)__C);
196 }
197
198 #undef __DEFAULT_FN_ATTRS256
199
200 #endif // __SHA512INTRIN_H
201