aes: replace inline ASM with ARMv8 intrinsics

Note: bumps the MSRV for `aes_armv8` from 1.65 -> 1.72 Rust 1.72 stabilized the ARMv8 AES intrinsics, which means we no longer need to use inline `asm!` "polyfills" for these functions to support stable Rust.
RustCrypto · Jan 6, 2024 · 433ef1f · 433ef1f
1 parent 6b263c0
commit 433ef1f
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 116 deletions.
diff --git a/.github/workflows/aes.yml b/.github/workflows/aes.yml
@@ -217,7 +217,7 @@ jobs:
  matrix:
  include:
  - target: aarch64-unknown-linux-gnu
- rust: 1.65.0 # MSRV
+ rust: 1.72.0 # MSRV for `aes_armv8`
  runs-on: ubuntu-latest
  # Cross mounts only current package, i.e. by default it ignores workspace's Cargo.toml
  defaults:

diff --git a/aes/src/armv8.rs b/aes/src/armv8.rs
@@ -14,7 +14,6 @@ pub(crate) mod hazmat;
 
 mod encdec;
 mod expand;
-mod intrinsics;
 #[cfg(test)]
 mod test_expand;
 

diff --git a/aes/src/armv8/encdec.rs b/aes/src/armv8/encdec.rs
@@ -4,12 +4,6 @@ use crate::{Block, Block8};
 use cipher::inout::InOut;
 use core::arch::aarch64::*;
 
-// Stable "polyfills" for unstable core::arch::aarch64 intrinsics
-// TODO(tarcieri): remove when these intrinsics have been stabilized
-use super::intrinsics::{
- vaesdq_u8, vaesdq_u8_and_vaesimcq_u8, vaeseq_u8, vaeseq_u8_and_vaesmcq_u8,
-};
-
 /// Perform AES encryption using the given expanded keys.
 #[target_feature(enable = "aes")]
 #[target_feature(enable = "neon")]
@@ -25,8 +19,11 @@ pub(super) unsafe fn encrypt1<const N: usize>(
  let mut state = vld1q_u8(in_ptr as *const u8);
 
  for k in expanded_keys.iter().take(rounds - 1) {
- // AES single round encryption and mix columns
- state = vaeseq_u8_and_vaesmcq_u8(state, *k);
+ // AES single round encryption
+ state = vaeseq_u8(state, *k);
+
+ // Mix columns
+ state = vaesmcq_u8(state);
  }
 
  // AES single round encryption
@@ -65,8 +62,11 @@ pub(super) unsafe fn encrypt8<const N: usize>(
 
  for k in expanded_keys.iter().take(rounds - 1) {
  for i in 0..8 {
- // AES single round encryption and mix columns
- state[i] = vaeseq_u8_and_vaesmcq_u8(state[i], *k);
+ // AES single round encryption
+ state[i] = vaeseq_u8(state[i], *k);
+
+ // Mix columns
+ state[i] = vaesmcq_u8(state[i]);
  }
  }
 
@@ -95,8 +95,11 @@ pub(super) unsafe fn decrypt1<const N: usize>(
  let mut state = vld1q_u8(in_ptr as *const u8);
 
  for k in expanded_keys.iter().take(rounds - 1) {
- // AES single round decryption and inverse mix columns
- state = vaesdq_u8_and_vaesimcq_u8(state, *k);
+ // AES single round decryption
+ state = vaesdq_u8(state, *k);
+
+ // Inverse mix columns
+ state = vaesimcq_u8(state);
  }
 
  // AES single round decryption
@@ -135,8 +138,11 @@ pub(super) unsafe fn decrypt8<const N: usize>(
 
  for k in expanded_keys.iter().take(rounds - 1) {
  for i in 0..8 {
- // AES single round decryption and inverse mix columns
- state[i] = vaesdq_u8_and_vaesimcq_u8(state[i], *k);
+ // AES single round decryption
+ state[i] = vaesdq_u8(state[i], *k);
+
+ // Inverse mix columns
+ state[i] = vaesimcq_u8(state[i]);
  }
  }
 

diff --git a/aes/src/armv8/expand.rs b/aes/src/armv8/expand.rs
@@ -2,10 +2,6 @@
 
 use core::{arch::aarch64::*, mem, slice};
 
-// Stable "polyfills" for unstable core::arch::aarch64 intrinsics
-// TODO(tarcieri): remove when these intrinsics have been stabilized
-use super::intrinsics::{vaeseq_u8, vaesimcq_u8};
-
 /// There are 4 AES words in a block.
 const BLOCK_WORDS: usize = 4;
 

diff --git a/aes/src/armv8/hazmat.rs b/aes/src/armv8/hazmat.rs
@@ -7,9 +7,6 @@
 use crate::{Block, Block8};
 use core::arch::aarch64::*;
 
-// Stable "polyfills" for unstable core::arch::aarch64 intrinsics
-use super::intrinsics::{vaesdq_u8, vaeseq_u8, vaesimcq_u8, vaesmcq_u8};
-
 /// AES cipher (encrypt) round function.
 #[allow(clippy::cast_ptr_alignment)]
 #[target_feature(enable = "aes")]

diff --git a/aes/src/armv8/intrinsics.rs b/aes/src/armv8/intrinsics.rs