Merge pull request #316 from ocheron/target-attrs

AESNI and PCLMUL as per-function attributes

cbits/aes/x86ni.c

@@ -46,6 +46,7 @@
 /* old GCC version doesn't cope with the shuffle parameters, that can take 2 values (0xff and 0xaa)
  * in our case, passed as argument despite being a immediate 8 bits constant anyway.
  * un-factorise aes_128_key_expansion into 2 version that have the shuffle parameter explicitly set */
+TARGET_AESNI
 static __m128i aes_128_key_expansion_ff(__m128i key, __m128i keygened)
 {
 	keygened = _mm_shuffle_epi32(keygened, 0xff);
@@ -55,6 +56,7 @@ static __m128i aes_128_key_expansion_ff(__m128i key, __m128i keygened)
 	return _mm_xor_si128(key, keygened);
 }
 
+TARGET_AESNI
 static __m128i aes_128_key_expansion_aa(__m128i key, __m128i keygened)
 {
 	keygened = _mm_shuffle_epi32(keygened, 0xaa);
@@ -64,6 +66,7 @@ static __m128i aes_128_key_expansion_aa(__m128i key, __m128i keygened)
 	return _mm_xor_si128(key, keygened);
 }
 
+TARGET_AESNI
 void cryptonite_aesni_init(aes_key *key, uint8_t *ikey, uint8_t size)
 {
 	__m128i k[28];
@@ -145,6 +148,7 @@ void cryptonite_aesni_init(aes_key *key, uint8_t *ikey, uint8_t size)
 /* TO OPTIMISE: use pcmulqdq... or some faster code.
  * this is the lamest way of doing it, but i'm out of time.
  * this is basically a copy of gf_mulx in gf.c */
+TARGET_AESNI
 static __m128i gfmulx(__m128i v)
 {
 	uint64_t v_[2] ALIGNMENT(16);
@@ -158,6 +162,7 @@ static __m128i gfmulx(__m128i v)
 	return v;
 }
 
+TARGET_AESNI
 static __m128i gfmul_generic(__m128i tag, const table_4bit htable)
 {
 	aes_block _t;
@@ -177,6 +182,7 @@ __m128i (*gfmul_branch_ptr)(__m128i a, const table_4bit t) = gfmul_generic;
  * Adapted from figure 5, with additional byte swapping so that interface
  * is simimar to cryptonite_aes_generic_gf_mul.
  */
+TARGET_AESNI_PCLMUL
 static __m128i gfmul_pclmuldq(__m128i a, const table_4bit htable)
 {
 	__m128i b, tmp2, tmp3, tmp4, tmp5, tmp6, tmp7, tmp8, tmp9;
@@ -240,6 +246,7 @@ void cryptonite_aesni_hinit_pclmul(table_4bit htable, const block128 *h)
 	htable->q[1] = bitfn_swap64(h->q[0]);
 }
 
+TARGET_AESNI_PCLMUL
 void cryptonite_aesni_gf_mul_pclmul(block128 *a, const table_4bit htable)
 {
 	__m128i _a, _b;
@@ -257,6 +264,7 @@ void cryptonite_aesni_init_pclmul(void)
 #define gfmul(a,t) (gfmul_generic(a,t))
 #endif
 
+TARGET_AESNI
 static inline __m128i ghash_add(__m128i tag, const table_4bit htable, __m128i m)
 {
 	tag = _mm_xor_si128(tag, m);

cbits/aes/x86ni.h

@@ -40,7 +40,16 @@
 #include <cryptonite_aes.h>
 #include <aes/block128.h>
 
+#ifdef WITH_TARGET_ATTRIBUTES
+#define TARGET_AESNI __attribute__((target("ssse3,aes")))
+#define TARGET_AESNI_PCLMUL __attribute__((target("sse4.1,aes,pclmul")))
+#else
+#define TARGET_AESNI
+#define TARGET_AESNI_PCLMUL
+#endif
+
 #ifdef IMPL_DEBUG
+TARGET_AESNI
 static void block128_sse_print(__m128i m)
 {
 	block128 b;

cbits/aes/x86ni_impl.c

@@ -28,6 +28,7 @@
  * SUCH DAMAGE.
  */
 
+TARGET_AESNI
 void SIZED(cryptonite_aesni_encrypt_block)(aes_block *out, aes_key *key, aes_block *in)
 {
 	__m128i *k = (__m128i *) key->data;
@@ -37,6 +38,7 @@ void SIZED(cryptonite_aesni_encrypt_block)(aes_block *out, aes_key *key, aes_blo
 	_mm_storeu_si128((__m128i *) out, m);
 }
 
+TARGET_AESNI
 void SIZED(cryptonite_aesni_decrypt_block)(aes_block *out, aes_key *key, aes_block *in)
 {
 	__m128i *k = (__m128i *) key->data;
@@ -46,6 +48,7 @@ void SIZED(cryptonite_aesni_decrypt_block)(aes_block *out, aes_key *key, aes_blo
 	_mm_storeu_si128((__m128i *) out, m);
 }
 
+TARGET_AESNI
 void SIZED(cryptonite_aesni_encrypt_ecb)(aes_block *out, aes_key *key, aes_block *in, uint32_t blocks)
 {
 	__m128i *k = (__m128i *) key->data;
@@ -58,6 +61,7 @@ void SIZED(cryptonite_aesni_encrypt_ecb)(aes_block *out, aes_key *key, aes_block
 	}
 }
 
+TARGET_AESNI
 void SIZED(cryptonite_aesni_decrypt_ecb)(aes_block *out, aes_key *key, aes_block *in, uint32_t blocks)
 {
 	__m128i *k = (__m128i *) key->data;
@@ -71,6 +75,7 @@ void SIZED(cryptonite_aesni_decrypt_ecb)(aes_block *out, aes_key *key, aes_block
 	}
 }
 
+TARGET_AESNI
 void SIZED(cryptonite_aesni_encrypt_cbc)(aes_block *out, aes_key *key, aes_block *_iv, aes_block *in, uint32_t blocks)
 {
 	__m128i *k = (__m128i *) key->data;
@@ -87,6 +92,7 @@ void SIZED(cryptonite_aesni_encrypt_cbc)(aes_block *out, aes_key *key, aes_block
 	}
 }
 
+TARGET_AESNI
 void SIZED(cryptonite_aesni_decrypt_cbc)(aes_block *out, aes_key *key, aes_block *_iv, aes_block *in, uint32_t blocks)
 {
 	__m128i *k = (__m128i *) key->data;
@@ -106,6 +112,7 @@ void SIZED(cryptonite_aesni_decrypt_cbc)(aes_block *out, aes_key *key, aes_block
 	}
 }
 
+TARGET_AESNI
 void SIZED(cryptonite_aesni_encrypt_ctr)(uint8_t *output, aes_key *key, aes_block *_iv, uint8_t *input, uint32_t len)
 {
 	__m128i *k = (__m128i *) key->data;
@@ -151,6 +158,7 @@ void SIZED(cryptonite_aesni_encrypt_ctr)(uint8_t *output, aes_key *key, aes_bloc
 	return ;
 }
 
+TARGET_AESNI
 void SIZED(cryptonite_aesni_encrypt_c32_)(uint8_t *output, aes_key *key, aes_block *_iv, uint8_t *input, uint32_t len)
 {
 	__m128i *k = (__m128i *) key->data;
@@ -192,6 +200,7 @@ void SIZED(cryptonite_aesni_encrypt_c32_)(uint8_t *output, aes_key *key, aes_blo
 	return ;
 }
 
+TARGET_AESNI
 void SIZED(cryptonite_aesni_encrypt_xts)(aes_block *out, aes_key *key1, aes_key *key2,
                                aes_block *_tweak, uint32_t spoint, aes_block *in, uint32_t blocks)
 {
@@ -222,6 +231,7 @@ void SIZED(cryptonite_aesni_encrypt_xts)(aes_block *out, aes_key *key1, aes_key
 	} while (0);
 }
 
+TARGET_AESNI
 void SIZED(cryptonite_aesni_gcm_encrypt)(uint8_t *output, aes_gcm *gcm, aes_key *key, uint8_t *input, uint32_t length)
 {
 	__m128i *k = (__m128i *) key->data;

cryptonite.cabal

@@ -103,6 +103,11 @@ Flag check_alignment
   Default:           False
   Manual:            True
 
+Flag use_target_attributes
+  Description:       use GCC / clang function attributes instead of global target options.
+  Default:           True
+  Manual:            True
+
 Library
   Exposed-modules:   Crypto.Cipher.AES
                      Crypto.Cipher.AESGCMSIV
@@ -336,9 +341,13 @@ Library
     c-sources:      cbits/cryptonite_rdrand.c
 
   if flag(support_aesni) && (os(linux) || os(freebsd) || os(osx)) && (arch(i386) || arch(x86_64))
-    CC-options:     -mssse3 -maes -DWITH_AESNI
+    CC-options:     -DWITH_AESNI
+    if !flag(use_target_attributes)
+      CC-options:     -mssse3 -maes
     if flag(support_pclmuldq)
-       CC-options:  -msse4.1 -mpclmul -DWITH_PCLMUL
+      CC-options:   -DWITH_PCLMUL
+      if !flag(use_target_attributes)
+        CC-options:     -msse4.1 -mpclmul
     C-sources:       cbits/aes/x86ni.c
                    , cbits/aes/generic.c
                    , cbits/aes/gf.c
@@ -385,6 +394,8 @@ Library
     Build-depends:   deepseq
   if flag(check_alignment)
     cc-options:     -DWITH_ASSERT_ALIGNMENT
+  if flag(use_target_attributes)
+    cc-options:     -DWITH_TARGET_ATTRIBUTES
 
 Test-Suite test-cryptonite
   type:              exitcode-stdio-1.0