diff --git a/.github/workflows/aes.yml b/.github/workflows/aes.yml index 2575a640..685b7765 100644 --- a/.github/workflows/aes.yml +++ b/.github/workflows/aes.yml @@ -49,17 +49,17 @@ jobs: cargo build --target ${{ matrix.target }} cargo build --target ${{ matrix.target }} --features hazmat - env: - RUSTFLAGS: "-Dwarnings --cfg aes_force_soft" + RUSTFLAGS: '-Dwarnings --cfg aes_backend="soft"' run: | cargo build --target ${{ matrix.target }} cargo build --target ${{ matrix.target }} --features hazmat - env: - RUSTFLAGS: "-Dwarnings --cfg aes_compact" + RUSTFLAGS: '-Dwarnings --cfg aes_compact' run: | cargo build --target ${{ matrix.target }} cargo build --target ${{ matrix.target }} --features hazmat - env: - RUSTFLAGS: "-Dwarnings --cfg aes_force_soft --cfg aes_compact" + RUSTFLAGS: '-Dwarnings --cfg aes_backend="soft" --cfg aes_compact' run: | cargo build --target ${{ matrix.target }} cargo build --target ${{ matrix.target }} --features hazmat @@ -112,7 +112,7 @@ jobs: include: - target: x86_64-unknown-linux-gnu rust: stable - RUSTFLAGS: "-Dwarnings --cfg aes_avx256" + RUSTFLAGS: '-Dwarnings --cfg aes_backend="avx256"' env: CARGO_INCREMENTAL: 0 RUSTFLAGS: ${{ matrix.RUSTFLAGS }} @@ -150,10 +150,7 @@ jobs: include: - target: x86_64-unknown-linux-gnu rust: stable - RUSTFLAGS: "-Dwarnings --cfg aes_avx512" - - target: x86_64-unknown-linux-gnu - rust: stable - RUSTFLAGS: "-Dwarnings --cfg aes_avx256 --cfg aes_avx512" + RUSTFLAGS: '-Dwarnings --cfg aes_backend="avx512"' env: CARGO_INCREMENTAL: 0 RUSTFLAGS: ${{ matrix.RUSTFLAGS }} 
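Review bot: The `@@ -150,10 +150,7 @@` hunk drops the matrix entry that built with both the 256-bit and 512-bit flags and adds no equivalent in the new spelling, so that combination loses its CI coverage. rustc keeps repeated `--cfg key="value"` arguments as a set, so a build with both values still compiles and is the only configuration in which `has_vaes256` in `aes/src/x86.rs` can return true next to the 512-bit backend. If that tiered dispatch is still supported, keep an entry such as `RUSTFLAGS: '-Dwarnings --cfg aes_backend="avx256" --cfg aes_backend="avx512"'`. If it is not, say so in the crate docs so users do not rely on an untested dispatch path in a cipher implementation.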
@@ -214,11 +211,11 @@ jobs: - run: cargo test --target ${{ matrix.target }} --features hazmat - run: cargo test --target ${{ matrix.target }} --all-features - # Tests for the portable software backend (i.e. `aes_force_soft`-only) + # Tests for the portable software backend (i.e. `aes_backend="soft"`-only) soft: runs-on: ubuntu-latest env: - RUSTFLAGS: "-Dwarnings --cfg aes_force_soft" + RUSTFLAGS: '-Dwarnings --cfg aes_backend="soft"' strategy: matrix: include: @@ -280,17 +277,17 @@ jobs: cross test --package aes --target ${{ matrix.target }} cross test --package aes --target ${{ matrix.target }} --features hazmat - env: - RUSTFLAGS: "-Dwarnings --cfg aes_force_soft" + RUSTFLAGS: '-Dwarnings --cfg aes_backend="soft"' run: | cross test --package aes --target ${{ matrix.target }} cross test --package aes --target ${{ matrix.target }} --features hazmat - env: - RUSTFLAGS: "-Dwarnings --cfg aes_compact" + RUSTFLAGS: '-Dwarnings --cfg aes_compact' run: | cross test --package aes --target ${{ matrix.target }} cross test --package aes --target ${{ matrix.target }} --features hazmat - env: - RUSTFLAGS: "-Dwarnings --cfg aes_force_soft --cfg aes_compact" + RUSTFLAGS: '-Dwarnings --cfg aes_backend="soft" --cfg aes_compact' run: | cross test --package aes --target ${{ matrix.target }} cross test --package aes --target ${{ matrix.target }} --features hazmat @@ -322,7 +319,7 @@ jobs: clippy: env: - RUSTFLAGS: "-Dwarnings --cfg aes_compact" + RUSTFLAGS: '-Dwarnings --cfg aes_compact' runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/aes/Cargo.toml b/aes/Cargo.toml index 6678460a..d3dd1c05 100644 --- a/aes/Cargo.toml +++ b/aes/Cargo.toml @@ -31,9 +31,7 @@ hazmat = [] # Expose cryptographically hazardous APIs level = "warn" check-cfg = [ 'cfg(aes_compact)', - 'cfg(aes_force_soft)', - 'cfg(aes_avx256)', - 'cfg(aes_avx512)', + 'cfg(aes_backend, values("soft", "avx256", "avx512"))', 'cfg(cpubits, values("16", "32", "64"))' ] 
diff --git a/aes/src/hazmat.rs b/aes/src/hazmat.rs index 39631f83..f794aa5e 100644 --- a/aes/src/hazmat.rs +++ b/aes/src/hazmat.rs @@ -17,15 +17,18 @@ pub use crate::Block; /// Eight 128-bit AES blocks pub type Block8 = cipher::array::Array; -#[cfg(all(target_arch = "aarch64", not(aes_force_soft)))] +#[cfg(all(target_arch = "aarch64", not(aes_backend = "soft")))] use crate::armv8::hazmat as intrinsics; -#[cfg(all(any(target_arch = "x86_64", target_arch = "x86"), not(aes_force_soft)))] +#[cfg(all( + any(target_arch = "x86", target_arch = "x86_64"), + not(aes_backend = "soft") +))] use crate::x86::ni::hazmat as intrinsics; #[cfg(all( any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64"), - not(aes_force_soft) + not(aes_backend = "soft") ))] cpufeatures::new!(aes_intrinsics, "aes"); @@ -35,7 +38,7 @@ macro_rules! if_intrinsics_available { ($body:expr) => {{ #[cfg(all( any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64"), - not(aes_force_soft) + not(aes_backend = "soft") ))] if aes_intrinsics::get() { unsafe { $body } diff --git a/aes/src/lib.rs b/aes/src/lib.rs index c9f1f605..00293e66 100644 --- a/aes/src/lib.rs +++ b/aes/src/lib.rs @@ -46,7 +46,7 @@ //! will ensure that AESNI and VAES are always used. //! //! Note: Enabling VAES256 or VAES512 still requires specifying `--cfg -//! aes_avx256` or `--cfg aes_avx512` explicitly. +//! aes_backend = "avx256"` or `--cfg aes_backend = "avx512"` explicitly. //! //! Programs built in this manner will crash with an illegal instruction on //! CPUs which do not have AES-NI and VAES enabled. @@ -102,7 +102,7 @@ //! //! You can modify crate using the following configuration flags: //! -//! - `aes_force_soft`: force software implementation. +//! - `aes_backend = "soft"`: force software implementation. //! - `aes_compact`: reduce code size at the cost of slower performance //! (affects only software backend). //! 
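Review bot: The crate docs in the `@@ -46,7 +46,7 @@` and `@@ -102,7 +102,7 @@` hunks of `aes/src/lib.rs` spell the flag with spaces around `=` (`--cfg aes_backend = "avx256"`), which is not the form the workflow uses and cannot be pasted into `RUSTFLAGS`, because that variable is split on whitespace. A reader who copies it gets a build error at best, and it is unclear from the text what quoting is needed. I would write the flag exactly as CI passes it, e.g. `//! aes_backend="avx256"` and `//! - `aes_backend="soft"`: force software implementation.`, and add one line showing the shell quoting: `RUSTFLAGS='--cfg aes_backend="soft"'`.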
@@ -130,13 +130,13 @@ mod macros; mod soft; cpubits::cfg_if! { - if #[cfg(all(target_arch = "aarch64", not(aes_force_soft)))] { + if #[cfg(all(target_arch = "aarch64", not(aes_backend = "soft")))] { mod armv8; mod autodetect; pub use autodetect::*; } else if #[cfg(all( any(target_arch = "x86", target_arch = "x86_64"), - not(aes_force_soft) + not(aes_backend = "soft") ))] { mod x86; mod autodetect; @@ -188,7 +188,10 @@ mod tests { test_for(soft::Aes256Enc::new(&key_256)); test_for(soft::Aes256Dec::new(&key_256)); - #[cfg(all(any(target_arch = "x86", target_arch = "x86_64"), not(aes_force_soft)))] + #[cfg(all( + any(target_arch = "x86", target_arch = "x86_64"), + not(aes_backend = "soft") + ))] { use super::x86; @@ -206,7 +209,7 @@ mod tests { } } - #[cfg(all(target_arch = "aarch64", not(aes_force_soft)))] + #[cfg(all(target_arch = "aarch64", not(aes_backend = "soft")))] { use super::armv8; diff --git a/aes/src/x86.rs b/aes/src/x86.rs index 327608fe..90192753 100644 --- a/aes/src/x86.rs +++ b/aes/src/x86.rs @@ -1,7 +1,7 @@ pub(crate) mod ni; -#[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] +#[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] pub(crate) mod vaes256; -#[cfg(all(target_arch = "x86_64", aes_avx512))] +#[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] pub(crate) mod vaes512; #[cfg(target_arch = "x86")] @@ -11,7 +11,7 @@ use core::arch::x86_64 as arch; use self::arch::*; use crate::Block; -#[cfg(all(target_arch = "x86_64", aes_avx512))] +#[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] use cipher::consts::U64; use cipher::{ AlgorithmName, BlockCipherDecBackend, BlockCipherDecClosure, BlockCipherDecrypt, 
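Review bot: In the `@@ -130,13 +130,13 @@` hunk the backend choice is now one key with several values, but nothing visible rejects contradictory values, so `aes_backend="soft"` given together with `aes_backend="avx512"` compiles and `soft` silently wins in this `cfg_if!` chain. For a crypto crate a silently ignored backend request is worth turning into a hard error; a guard next to the chain would do it: `#[cfg(all(aes_backend = "soft", any(aes_backend = "avx256", aes_backend = "avx512")))]` followed by `compile_error!("aes_backend=\"soft\" cannot be combined with a VAES backend");`. The same `not(aes_backend = "soft")` test is repeated in `aes/src/hazmat.rs` and in the test module hunks, so one guard in `lib.rs` covers them all. Note that a misspelled value cannot be caught this way; whether the `check-cfg` entry in `Cargo.toml` reports it when the crate is built as a dependency should be confirmed.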
@@ -19,15 +19,15 @@ use cipher::{ KeyInit, KeySizeUser, ParBlocksSizeUser, consts::{U8, U16, U24, U32}, }; -#[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] +#[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] use cipher::{Array, InOutBuf, consts::U30, typenum::Unsigned}; -#[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] +#[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] use core::cell::OnceCell; use core::fmt; -#[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] +#[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] pub(crate) type Block30 = Array; -#[cfg(all(target_arch = "x86_64", aes_avx512))] +#[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] pub(crate) type Block64 = Array; pub(crate) mod features { 
@@ -38,81 +38,81 @@ pub(crate) mod features { pub(crate) mod aes { pub use super::features_aes::*; } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] pub(crate) mod avx { pub use super::features_avx::*; } - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] pub(crate) mod avx512f { pub use super::features_avx512f::*; } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] pub(crate) mod vaes { pub use super::features_vaes::*; } } type Simd128RoundKeys = [__m128i; ROUNDS]; -#[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] +#[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] type Simd256RoundKeys = [__m256i; ROUNDS]; -#[cfg(all(target_arch = "x86_64", aes_avx512))] +#[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] type Simd512RoundKeys = [__m512i; ROUNDS]; #[derive(Clone)] enum Backend { Ni, - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] Vaes256, - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] Vaes512, } #[derive(Clone, Copy)] struct Features { - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] avx: self::features::avx::InitToken, - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] avx512f: self::features::avx512f::InitToken, - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] vaes: 
self::features::vaes::InitToken, } impl Features { fn new() -> Self { Self { - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] avx: self::features::avx::init(), - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] avx512f: self::features::avx512f::init(), - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] vaes: self::features::vaes::init(), } } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] fn has_vaes256(&self) -> bool { #[cfg(target_arch = "x86_64")] - if cfg!(aes_avx256) && self.vaes.get() && self.avx.get() { + if cfg!(aes_backend = "avx256") && self.vaes.get() && self.avx.get() { return true; } false } - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] fn has_vaes512(&self) -> bool { #[cfg(target_arch = "x86_64")] - if cfg!(aes_avx512) && self.vaes.get() && self.avx512f.get() { + if cfg!(aes_backend = "avx512") && self.vaes.get() && self.avx512f.get() { return true; } false } fn dispatch(&self) -> Backend { - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] if self.has_vaes512() { return self::Backend::Vaes512; } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] if self.has_vaes256() { return self::Backend::Vaes256; } 
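Review bot: In `has_vaes256` the inner `cfg!(aes_backend = "avx256")` makes the function constant `false` in a build that sets only `aes_backend="avx512"`, so `dispatch` goes straight from the 512-bit check to `Backend::Ni` on a CPU that has VAES and AVX but not AVX-512F. That may be intended, but it is not obvious from the outer attribute, which compiles the function for either value. I would document it on the function, e.g. `// Only true when aes_backend="avx256" is set; an avx512-only build falls back to AES-NI, not VAES256.` As a style point, the inner `#[cfg(target_arch = "x86_64")]` in both helpers and the `cfg!(aes_backend = "avx512")` in `has_vaes512` repeat what the outer attribute already guarantees and could be dropped, leaving `self.vaes.get() && self.avx512f.get()` as the body.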
@@ -138,20 +138,20 @@ macro_rules! define_aes_impl { pub(crate) struct Ni<'a> { pub(crate) keys: &'a Simd128RoundKeys<$rounds>, } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] impl<'a> Ni<'a> { pub const fn par_blocks(&self) -> usize { ::ParBlocksSize::USIZE } } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] impl<'a> From<&Vaes256<'a>> for Ni<'a> { fn from(backend: &Vaes256<'a>) -> Self { Self { keys: backend.keys } } } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] #[derive(Clone)] pub(crate) struct Vaes256<'a> { #[allow(unused)] // TODO: remove once cfg flags are removed @@ -159,14 +159,14 @@ macro_rules! define_aes_impl { pub(crate) keys: &'a Simd128RoundKeys<$rounds>, pub(crate) simd_256_keys: OnceCell>, } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] impl<'a> Vaes256<'a> { #[allow(unused)] // TODO: remove once cfg flags are removed pub const fn par_blocks(&self) -> usize { ::ParBlocksSize::USIZE } } - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] impl<'a> From<&Vaes512<'a>> for Vaes256<'a> { fn from(backend: &Vaes512<'a>) -> Self { Self { @@ -177,7 +177,7 @@ macro_rules! define_aes_impl { } } - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] pub(crate) struct Vaes512<'a> { pub(crate) features: Features, pub(crate) keys: &'a Simd128RoundKeys<$rounds>, 
@@ -303,13 +303,13 @@ macro_rules! define_aes_impl { let keys = &self.keys; match features.dispatch() { self::Backend::Ni => f.call(&mut $name_backend::Ni { keys }), - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] self::Backend::Vaes256 => f.call(&mut $name_backend::Vaes256 { features, keys, simd_256_keys: OnceCell::new(), }), - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] self::Backend::Vaes512 => f.call(&mut $name_backend::Vaes512 { features, keys, @@ -390,13 +390,13 @@ macro_rules! define_aes_impl { let keys = &self.keys; match features.dispatch() { self::Backend::Ni => f.call(&mut $name_backend::Ni { keys }), - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] self::Backend::Vaes256 => f.call(&mut $name_backend::Vaes256 { features, keys, simd_256_keys: OnceCell::new(), }), - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] self::Backend::Vaes512 => f.call(&mut $name_backend::Vaes512 { features, keys, @@ -421,11 +421,11 @@ macro_rules! define_aes_impl { impl<'a> BlockSizeUser for $name_backend::Ni<'a> { type BlockSize = U16; } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] impl<'a> BlockSizeUser for $name_backend::Vaes256<'a> { type BlockSize = U16; } - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] impl<'a> BlockSizeUser for $name_backend::Vaes512<'a> { type BlockSize = U16; } 
@@ -433,7 +433,7 @@ macro_rules! define_aes_impl { impl<'a> ParBlocksSizeUser for $name_backend::Ni<'a> { type ParBlocksSize = U8; } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] impl<'a> ParBlocksSizeUser for $name_backend::Vaes256<'a> { // Block size of 30 is chosen based on AVX2's 16 YMM registers. // @@ -443,7 +443,7 @@ macro_rules! define_aes_impl { // This gives (16 - 1 ) * 2 = 30 . type ParBlocksSize = U30; } - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] impl<'a> ParBlocksSizeUser for $name_backend::Vaes512<'a> { // Block size of 64 is chosen based on AVX512's 32 ZMM registers. // @@ -470,7 +470,7 @@ macro_rules! define_aes_impl { } } } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] impl<'a> BlockCipherEncBackend for $name_backend::Vaes256<'a> { #[inline] fn encrypt_block(&self, block: InOut<'_, '_, Block>) { @@ -512,7 +512,7 @@ macro_rules! define_aes_impl { } } } - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] impl<'a> BlockCipherEncBackend for $name_backend::Vaes512<'a> { #[inline] fn encrypt_block(&self, block: InOut<'_, '_, Block>) { @@ -580,7 +580,7 @@ macro_rules! define_aes_impl { } } } - #[cfg(all(target_arch = "x86_64", any(aes_avx256, aes_avx512)))] + #[cfg(all(target_arch = "x86_64", any(aes_backend = "avx256", aes_backend = "avx512")))] impl<'a> BlockCipherDecBackend for $name_backend::Vaes256<'a> { #[inline] fn decrypt_block(&self, block: InOut<'_, '_, Block>) { 
@@ -622,7 +622,7 @@ macro_rules! define_aes_impl { } } } - #[cfg(all(target_arch = "x86_64", aes_avx512))] + #[cfg(all(target_arch = "x86_64", aes_backend = "avx512"))] impl<'a> BlockCipherDecBackend for $name_backend::Vaes512<'a> { #[inline] fn decrypt_block(&self, block: InOut<'_, '_, Block>) {