aes: soft hazmat modules (#267)

Adds a preliminary module structure for supporting the low-level `hazmat` APIs in the `soft` backend.
RustCrypto · May 30, 2021 · 92704fc · 92704fc
1 parent 93761c2
commit 92704fc
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 19 deletions.
diff --git a/aes/src/hazmat.rs b/aes/src/hazmat.rs
@@ -11,21 +11,22 @@
 //! We do NOT recommending using it to implement any algorithm which has not
 //! received extensive peer review by cryptographers.
 
-use crate::Block;
+use crate::{soft::fixslice::hazmat as soft, Block};
 
-#[cfg(all(target_arch = "aarch64", feature = "armv8"))]
+#[cfg(all(
+    target_arch = "aarch64",
+    feature = "armv8",
+    not(feature = "force-soft")
+))]
 use crate::armv8::hazmat as intrinsics;
 
-#[cfg(any(target_arch = "x86_64", target_arch = "x86"))]
+#[cfg(all(
+    any(target_arch = "x86_64", target_arch = "x86"),
+    not(feature = "force-soft")
+))]
 use crate::ni::hazmat as intrinsics;
 
-#[cfg(not(any(
-    target_arch = "x86_64",
-    target_arch = "x86",
-    all(target_arch = "aarch64", feature = "armv8")
-)))]
-compile_error!("the `hazmat` feature is currently only available on x86/x86-64 or aarch64");
-
+#[cfg(not(feature = "force-soft"))]
 cpufeatures::new!(aes_intrinsics, "aes");
 
 /// ⚠️ AES cipher (encrypt) round function.
@@ -44,11 +45,13 @@ cpufeatures::new!(aes_intrinsics, "aes");
 /// Use this function with great care! See the [module-level documentation][crate::hazmat]
 /// for more information.
 pub fn cipher_round(block: &mut Block, round_key: &Block) {
+    #[cfg(not(feature = "force-soft"))]
     if aes_intrinsics::get() {
         unsafe { intrinsics::cipher_round(block, round_key) };
-    } else {
-        todo!("soft fallback for AES hazmat functions is not yet implemented");
+        return;
     }
+
+    soft::cipher_round(block, round_key);
 }
 
 /// ⚠️ AES equivalent inverse cipher (decrypt) round function.
@@ -67,11 +70,13 @@ pub fn cipher_round(block: &mut Block, round_key: &Block) {
 /// Use this function with great care! See the [module-level documentation][crate::hazmat]
 /// for more information.
 pub fn equiv_inv_cipher_round(block: &mut Block, round_key: &Block) {
+    #[cfg(not(feature = "force-soft"))]
     if aes_intrinsics::get() {
         unsafe { intrinsics::equiv_inv_cipher_round(block, round_key) };
-    } else {
-        todo!("soft fallback for AES hazmat functions is not yet implemented");
+        return;
     }
+
+    soft::equiv_inv_cipher_round(block, round_key);
 }
 
 /// ⚠️ AES mix columns function.
@@ -81,11 +86,13 @@ pub fn equiv_inv_cipher_round(block: &mut Block, round_key: &Block) {
 /// Use this function with great care! See the [module-level documentation][crate::hazmat]
 /// for more information.
 pub fn mix_columns(block: &mut Block) {
+    #[cfg(not(feature = "force-soft"))]
     if aes_intrinsics::get() {
         unsafe { intrinsics::mix_columns(block) };
-    } else {
-        todo!("soft fallback for AES hazmat functions is not yet implemented");
+        return;
     }
+
+    soft::mix_columns(block);
 }
 
 /// ⚠️ AES inverse mix columns function.
@@ -97,9 +104,11 @@ pub fn mix_columns(block: &mut Block) {
 /// Use this function with great care! See the [module-level documentation][crate::hazmat]
 /// for more information.
 pub fn inv_mix_columns(block: &mut Block) {
+    #[cfg(not(feature = "force-soft"))]
     if aes_intrinsics::get() {
         unsafe { intrinsics::inv_mix_columns(block) };
-    } else {
-        todo!("soft fallback for AES hazmat functions is not yet implemented");
+        return;
     }
+
+    soft::inv_mix_columns(block);
 }
diff --git a/aes/src/lib.rs b/aes/src/lib.rs
@@ -93,7 +93,7 @@
 )]
 #![warn(missing_docs, rust_2018_idioms)]
 
-#[cfg(all(feature = "hazmat", not(feature = "force-soft")))]
+#[cfg(feature = "hazmat")]
 pub mod hazmat;
 
 mod soft;

diff --git a/aes/src/soft/fixslice32.rs b/aes/src/soft/fixslice32.rs
@@ -1372,3 +1372,37 @@ fn rotate_rows_and_columns_2_2(x: u32) -> u32 {
     (ror(x, ror_distance(2, 2)) & 0x0f0f0f0f) |
     (ror(x, ror_distance(1, 2)) & 0xf0f0f0f0)
 }
+
+/// Low-level "hazmat" AES functions.
+///
+/// Note: this isn't actually used in the `Aes128`/`Aes192`/`Aes256`
+/// implementations in this crate, but instead provides raw access to
+/// the AES round function gated under the `hazmat` crate feature.
+#[cfg(feature = "hazmat")]
+pub(crate) mod hazmat {
+    use crate::Block;
+
+    /// AES cipher (encrypt) round function.
+    #[inline]
+    pub(crate) fn cipher_round(_block: &mut Block, _round_key: &Block) {
+        todo!();
+    }
+
+    /// AES cipher (encrypt) round function.
+    #[inline]
+    pub(crate) fn equiv_inv_cipher_round(_block: &mut Block, _round_key: &Block) {
+        todo!();
+    }
+
+    /// AES mix columns function.
+    #[inline]
+    pub(crate) fn mix_columns(_block: &mut Block) {
+        todo!();
+    }
+
+    /// AES inverse mix columns function.
+    #[inline]
+    pub(crate) fn inv_mix_columns(_block: &mut Block) {
+        todo!();
+    }
+}
diff --git a/aes/src/soft/fixslice64.rs b/aes/src/soft/fixslice64.rs
@@ -1426,3 +1426,37 @@ fn rotate_rows_and_columns_2_2(x: u64) -> u64 {
     (ror(x, ror_distance(2, 2)) & 0x00ff00ff00ff00ff) |
     (ror(x, ror_distance(1, 2)) & 0xff00ff00ff00ff00)
 }
+
+/// Low-level "hazmat" AES functions.
+///
+/// Note: this isn't actually used in the `Aes128`/`Aes192`/`Aes256`
+/// implementations in this crate, but instead provides raw access to
+/// the AES round function gated under the `hazmat` crate feature.
+#[cfg(feature = "hazmat")]
+pub(crate) mod hazmat {
+    use crate::Block;
+
+    /// AES cipher (encrypt) round function.
+    #[inline]
+    pub(crate) fn cipher_round(_block: &mut Block, _round_key: &Block) {
+        todo!();
+    }
+
+    /// AES cipher (encrypt) round function.
+    #[inline]
+    pub(crate) fn equiv_inv_cipher_round(_block: &mut Block, _round_key: &Block) {
+        todo!();
+    }
+
+    /// AES mix columns function.
+    #[inline]
+    pub(crate) fn mix_columns(_block: &mut Block) {
+        todo!();
+    }
+
+    /// AES inverse mix columns function.
+    #[inline]
+    pub(crate) fn inv_mix_columns(_block: &mut Block) {
+        todo!();
+    }
+}
diff --git a/aes/tests/hazmat.rs b/aes/tests/hazmat.rs
@@ -1,5 +1,6 @@
 //! Tests for low-level "hazmat" AES functions.
 
+// TODO(tarcieri): support for using the hazmat functions with the `soft` backend
 #![cfg(all(feature = "hazmat", not(feature = "force-soft")))]
 
 use aes::Block;