Add AVX2 multi-block Keccak absorb with jagged state layout (#46)

Add AVX2 multi-block Keccak absorb with jagged state layout
Implement SIMD-optimized SHA3/Keccak absorb that fuses data XOR +
permutation into a single loop with one gather/scatter, eliminating
the per-block gather/scatter overhead that made the initial AVX2
permutation slower than scalar.
Key changes:
- New KeccakF1600Avx2Absorb.inc: multi-block absorb assembly using
  Andy Polyakov's plane-per-register technique (CRYPTOGAMS/XKCP),
  with jagged buffer on stack and A_JAGGED offset table for XOR
- New SimdProc5Begin.inc: shared 5-parameter ABI prologue
- Extended K_KECCAK with Jagged offset table mapping standard state
  indices to jagged buffer positions
- Added TKeccakF1600AbsorbProc dispatch (AVX2 + scalar fallback)
- Overrode TSHA3.TransformBytes for multi-block absorb path
- Consolidated TransformBlock to delegate to KeccakF1600_Absorb,
  making scalar absorb endian-safe via le64_copy

Author: Xor-el

HashLib/src/Crypto/HlpSHA3.pas

@@ -48,6 +48,8 @@   TSHA3 = class abstract(TBlockHash, ICryptoNotBuildIn, ITransformBlock)
 
   public
     procedure Initialize; override;
+    procedure TransformBytes(const AData: THashLibByteArray;
+      AIndex, ALength: Int32); override;
 
   end;
 
@@ -404,21 +406,47 @@ procedure TSHA3.Initialize;
 end;
 
 procedure TSHA3.TransformBlock(AData: PByte; ADataLength: Int32; AIndex: Int32);
+begin
+  KeccakF1600_Absorb(@FState[0], AData + AIndex, 1, BlockSize);
+end;
+
+procedure TSHA3.TransformBytes(const AData: THashLibByteArray;
+  AIndex, ALength: Int32);
 var
-  LData: array [0 .. 20] of UInt64;
-  LInnerIdx, LBlockCount: Int32;
+  LPtrData: PByte;
+  LBlockCount: Int32;
 begin
-  TConverters.le64_copy(AData, AIndex, @(LData[0]), 0, ADataLength);
-  LInnerIdx := 0;
-  LBlockCount := BlockSize shr 3;
-  while LInnerIdx < LBlockCount do
+{$IFDEF DEBUG}
+  System.Assert(AIndex >= 0);
+  System.Assert(ALength >= 0);
+  System.Assert(AIndex + ALength <= System.Length(AData));
+{$ENDIF DEBUG}
+  LPtrData := PByte(AData);
+
+  if (not FBuffer.IsEmpty) then
+  begin
+    if (FBuffer.Feed(LPtrData, System.Length(AData), AIndex, ALength,
+      FProcessedBytesCount)) then
+    begin
+      TransformBuffer();
+    end;
+  end;
+
+  LBlockCount := ALength div FBuffer.Length;
+  if LBlockCount > 0 then
   begin
-    FState[LInnerIdx] := FState[LInnerIdx] xor LData[LInnerIdx];
-    System.Inc(LInnerIdx);
+    FProcessedBytesCount := FProcessedBytesCount +
+      UInt64(LBlockCount) * UInt64(FBuffer.Length);
+    KeccakF1600_Absorb(@FState[0], LPtrData + AIndex, LBlockCount, BlockSize);
+    AIndex := AIndex + (LBlockCount * FBuffer.Length);
+    ALength := ALength - (LBlockCount * FBuffer.Length);
   end;
 
-  KeccakF1600_Permute(@FState[0]);
-  System.FillChar(LData, System.SizeOf(LData), UInt64(0));
+  if (ALength > 0) then
+  begin
+    FBuffer.Feed(LPtrData, System.Length(AData), AIndex, ALength,
+      FProcessedBytesCount);
+  end;
 end;
 
 { TSHA3_224 }

HashLib/src/Crypto/HlpSHA3Dispatch.pas

@@ -6,14 +6,18 @@ interface
 
 type
   TKeccakF1600Proc = procedure(AState: Pointer);
+  TKeccakF1600AbsorbProc = procedure(AState: Pointer; AData: PByte;
+    ABlockCount: Int32; ABlockSize: Int32);
 
 var
   KeccakF1600_Permute: TKeccakF1600Proc;
+  KeccakF1600_Absorb: TKeccakF1600AbsorbProc;
 
 implementation
 
 uses
   HlpBits,
+  HlpConverters,
   HlpSimd;
 
 // =============================================================================
@@ -377,6 +381,30 @@ procedure KeccakF1600_Scalar(AState: Pointer);
 {$ENDIF USE_UNROLLED_VARIANT}
 end;
 
+// =============================================================================
+// Scalar absorb: XOR + permute loop (no SIMD)
+// =============================================================================
+
+procedure KeccakF1600_Absorb_Scalar(AState: Pointer; AData: PByte;
+  ABlockCount: Int32; ABlockSize: Int32);
+var
+  LPState: PUInt64;
+  LData: array [0 .. 20] of UInt64;
+  LBlockSizeWords, I, J: Int32;
+begin
+  LPState := PUInt64(AState);
+  LBlockSizeWords := ABlockSize shr 3;
+  for I := 0 to ABlockCount - 1 do
+  begin
+    TConverters.le64_copy(AData, 0, @LData[0], 0, ABlockSize);
+    for J := 0 to LBlockSizeWords - 1 do
+      LPState[J] := LPState[J] xor LData[J];
+    KeccakF1600_Scalar(AState);
+    System.Inc(AData, ABlockSize);
+  end;
+  System.FillChar(LData, System.SizeOf(LData), UInt64(0));
+end;
+
 // =============================================================================
 // SIMD implementations (x86-64 only)
 // =============================================================================
@@ -388,6 +416,7 @@ procedure KeccakF1600_Scalar(AState: Pointer);
     RhotatesLeft: array [0..23] of UInt64;
     RhotatesRight: array [0..23] of UInt64;
     Iotas: array [0..95] of UInt64;
+    Jagged: array [0..24] of Int32;
   end = (
     RhotatesLeft: (
        3, 18, 36, 41,   //  ymm2: [2][0] [4][0] [1][0] [3][0]
@@ -427,7 +456,11 @@ procedure KeccakF1600_Scalar(AState: Pointer);
       $8000000080008081, $8000000080008081, $8000000080008081, $8000000080008081,
       $8000000000008080, $8000000000008080, $8000000000008080, $8000000000008080,
       $0000000080000001, $0000000080000001, $0000000080000001, $0000000080000001,
-      $8000000080008008, $8000000080008008, $8000000080008008, $8000000080008008)
+      $8000000080008008, $8000000080008008, $8000000080008008, $8000000080008008);
+    Jagged: (
+      0, 32, 40, 48, 56, 80, 192, 104, 144, 184,
+      64, 128, 200, 176, 120, 88, 96, 168, 208, 152,
+      72, 160, 136, 112, 216)
   );
 
 procedure KeccakF1600_Avx2(AState: Pointer; AConstants: Pointer);
@@ -440,6 +473,18 @@ procedure KeccakF1600_Avx2_Wrap(AState: Pointer);
   KeccakF1600_Avx2(AState, @K_KECCAK);
 end;
 
+procedure KeccakF1600_Avx2_Absorb(AState: Pointer; AData: PByte;
+  ABlockCount: Int32; ABlockSize: Int32; AConstants: Pointer);
+  {$I ..\Include\Simd\Common\SimdProc5Begin.inc}
+  {$I ..\Include\Simd\SHA3\KeccakF1600Avx2Absorb.inc}
+end;
+
+procedure KeccakF1600_Avx2_Absorb_Wrap(AState: Pointer; AData: PByte;
+  ABlockCount: Int32; ABlockSize: Int32);
+begin
+  KeccakF1600_Avx2_Absorb(AState, AData, ABlockCount, ABlockSize, @K_KECCAK);
+end;
+
 {$ENDIF HASHLIB_X86_64}
 
 // =============================================================================
@@ -453,11 +498,13 @@ procedure InitDispatch();
     TSimdLevel.AVX2:
     begin
       KeccakF1600_Permute := @KeccakF1600_Avx2_Wrap;
+      KeccakF1600_Absorb := @KeccakF1600_Avx2_Absorb_Wrap;
     end;
 {$ENDIF}
     TSimdLevel.Scalar:
     begin
       KeccakF1600_Permute := @KeccakF1600_Scalar;
+      KeccakF1600_Absorb := @KeccakF1600_Absorb_Scalar;
     end;
   end;
 end;

HashLib/src/Include/Simd/Common/SimdProc5Begin.inc

@@ -0,0 +1,28 @@
+// Shared SIMD procedure prologue for 5-parameter assembly functions.
+// After inclusion: rcx = param1, rdx = param2, r8 = param3, r9 = param4, r10 = param5
+// (MS x64 ABI).
+// On FPC non-Windows (System V ABI), remaps rdi,rsi,rdx,rcx,r8 -> rcx,rdx,r8,r9,r10.
+// Move order avoids register clobbering.
+// On MS x64, param5 is loaded from [rsp+40] (after shadow space).
+// Usage:
+//   procedure MyProc(P1, P2: Pointer; P3, P4: Int32; P5: Pointer);
+//     {$I SimdProc5Begin.inc}
+//     // ... SIMD instructions using rcx, rdx, r8, r9, r10 ...
+//   end;
+{$IFDEF FPC}
+  assembler; nostackframe;
+asm
+  {$IFNDEF MSWINDOWS}
+  mov r10, r8
+  mov r9, rcx
+  mov r8, rdx
+  mov rdx, rsi
+  mov rcx, rdi
+  {$ELSE}
+  mov r10, [rsp + 40]
+  {$ENDIF}
+{$ELSE}
+asm
+  .noframe
+  mov r10, [rsp + 40]
+{$ENDIF}