chacha20

src/attributes.h

@@ -24,4 +24,14 @@
 #  error No known always_inline attribute for this platform.
 #endif
 
+#define PRAGMA(x) _Pragma(#x)
+
+#if defined(__clang__)
+#  define UNROLL_LOOP(N) PRAGMA(clang loop unroll_count(N))
+#elif defined(__GNUC__)
+#  define UNROLL_LOOP(N) PRAGMA(GCC unroll N)
+#else
+#  define UNROLL_LOOP(N)
+#endif
+
 #endif // BITCOIN_ATTRIBUTES_H

src/crypto/CMakeLists.txt

@@ -5,6 +5,7 @@
 add_library(bitcoin_crypto STATIC EXCLUDE_FROM_ALL
   aes.cpp
   chacha20.cpp
+  chacha20_vec_base.cpp
   chacha20poly1305.cpp
   hex_base.cpp
   hkdf_sha256_32.cpp

src/crypto/chacha20.cpp

@@ -7,11 +7,15 @@
 
 #include <crypto/common.h>
 #include <crypto/chacha20.h>
+#include <crypto/chacha20_vec.h>
 #include <support/cleanse.h>
 
 #include <algorithm>
 #include <bit>
 #include <cassert>
+#include <limits>
+
+static_assert(ChaCha20Aligned::BLOCKLEN == CHACHA20_VEC_BLOCKLEN);
 
 #define QUARTERROUND(a,b,c,d) \
   a += b; d = std::rotl(d ^ a, 16); \
@@ -157,13 +161,14 @@ inline void ChaCha20Aligned::Keystream(std::span<std::byte> output) noexcept
     }
 }
 
-inline void ChaCha20Aligned::Crypt(std::span<const std::byte> in_bytes, std::span<std::byte> out_bytes) noexcept
+static inline void chacha20_crypt(std::span<const std::byte> in_bytes, std::span<std::byte> out_bytes, uint32_t input[12]) noexcept
 {
     assert(in_bytes.size() == out_bytes.size());
     const std::byte* m = in_bytes.data();
     std::byte* c = out_bytes.data();
-    size_t blocks = out_bytes.size() / BLOCKLEN;
-    assert(blocks * BLOCKLEN == out_bytes.size());
+    size_t blocks = out_bytes.size() / ChaCha20Aligned::BLOCKLEN;
+    assert(blocks * ChaCha20Aligned::BLOCKLEN == out_bytes.size());
+
 
     uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
     uint32_t j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
@@ -273,8 +278,29 @@ inline void ChaCha20Aligned::Crypt(std::span<const std::byte> in_bytes, std::spa
             return;
         }
         blocks -= 1;
-        c += BLOCKLEN;
-        m += BLOCKLEN;
+        c += ChaCha20Aligned::BLOCKLEN;
+        m += ChaCha20Aligned::BLOCKLEN;
+    }
+}
+
+
+inline void ChaCha20Aligned::Crypt(std::span<const std::byte> in_bytes, std::span<std::byte> out_bytes) noexcept
+{
+    assert(in_bytes.size() == out_bytes.size());
+    size_t blocks = out_bytes.size() / ChaCha20Aligned::BLOCKLEN;
+    assert(blocks * ChaCha20Aligned::BLOCKLEN == out_bytes.size());
+#ifdef ENABLE_CHACHA20_VEC
+    // Only use the vectorized implementations if the counter will not overflow.
+    const bool overflow = static_cast<uint64_t>(input[8]) + blocks > std::numeric_limits<uint32_t>::max();
+    if (blocks > 1 && !overflow) {
+        const auto state = std::to_array(input);
+        chacha20_vec_base::chacha20_crypt_vectorized(in_bytes, out_bytes, state);
+        const size_t blocks_written = blocks - (out_bytes.size() / ChaCha20Aligned::BLOCKLEN);
+        input[8] += blocks_written;
+    }
+#endif
+    if (in_bytes.size()) {
+        chacha20_crypt(in_bytes, out_bytes, input);
     }
 }
 

src/crypto/chacha20_vec.h

@@ -0,0 +1,30 @@
+// Copyright (c) 2025-present The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_CRYPTO_CHACHA20_VEC_H
+#define BITCOIN_CRYPTO_CHACHA20_VEC_H
+
+#include <array>
+#include <cstdint>
+#include <cstddef>
+#include <span>
+
+static constexpr size_t CHACHA20_VEC_BLOCKLEN = 64;
+
+#ifdef __has_builtin
+  #if __has_builtin(__builtin_shufflevector)
+    #define ENABLE_CHACHA20_VEC 1
+  #endif
+#endif
+
+#ifdef ENABLE_CHACHA20_VEC
+
+namespace chacha20_vec_base
+{
+    void chacha20_crypt_vectorized(std::span<const std::byte>& in_bytes, std::span<std::byte>& out_bytes, const std::array<uint32_t, 12>& input) noexcept;
+}
+
+#endif // ENABLE_CHACHA20_VEC
+
+#endif // BITCOIN_CRYPTO_CHACHA20_VEC_H