/*
* Copyright (c) The mlkem-native project authors
* Copyright (c) The mldsa-native project authors
* SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
*/
/* References
* ==========
*
* - [HYBRID]
* Hybrid scalar/vector implementations of Keccak and SPHINCS+ on AArch64
* Becker, Kannwischer
* https://eprint.iacr.org/2022/1243
*/
#ifndef MLD_DEV_FIPS202_AARCH64_AUTO_H
#define MLD_DEV_FIPS202_AARCH64_AUTO_H
/* Default FIPS202 assembly profile for AArch64 systems */
/*
* Default logic to decide which implementation to use.
*
*/
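/*
* Keccak-f1600
*
* - On Arm-based Apple CPUs (__APPLE__ with __ARM_FEATURE_SHA3 defined),
* we pick a pure Neon implementation.
* - Otherwise, unless MLD_SYS_AARCH64_SLOW_BARREL_SHIFTER is set,
* we use lazy-rotation scalar assembly from @[HYBRID].
* - Otherwise, if MLD_SYS_AARCH64_SLOW_BARREL_SHIFTER is set, we
* fall back to the standard C implementation.
*
* This header selects a backend at compile time from predefined macros
* only; it performs no runtime CPU feature detection. A build with
* __ARM_FEATURE_SHA3 defined is therefore expected to run only on CPUs
* that implement the SHA3 instructions.
*/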
#if defined(__ARM_FEATURE_SHA3) && defined(__APPLE__)
#include "x1_v84a.h"
#elif !defined(MLD_SYS_AARCH64_SLOW_BARREL_SHIFTER)
#include "x1_scalar.h"
#endif
#if (!defined(MLD_CONFIG_NO_KEYPAIR_API) || \
!defined(MLD_CONFIG_NO_SIGN_API) || !defined(MLD_CONFIG_REDUCE_RAM)) && \
!defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
/*
* Keccak-f1600x2/x4
*
* The optimal implementation is highly CPU-specific; see @[HYBRID].
*
* In this header, "v8.4-A is implemented" means that __ARM_FEATURE_SHA3
* is defined at compile time.
*
* For now, if v8.4-A is not implemented, we fall back to Keccak-f1600.
* NOTE(review): when __ARM_FEATURE_SHA3 is not defined, the code below
* includes x4_v8a_scalar.h; confirm the sentence above still matches.
* If v8.4-A is implemented and we are on an Apple CPU, we use a plain
* Neon-based implementation.
* If v8.4-A is implemented and we are not on an Apple CPU, we use a
* scalar/Neon/Neon hybrid.
* The reason for this distinction is that Apple CPUs appear to implement
* the SHA3 instructions on all SIMD units, while Arm CPUs prior to Cortex-X4
* don't, and ordinary Neon instructions are still needed.
*/
#if defined(__ARM_FEATURE_SHA3)
/*
* For Apple-M cores, we use a plain implementation leveraging SHA3
* instructions only.
*/
#if defined(__APPLE__)
#include "x2_v84a.h"
#else
#include "x4_v8a_v84a_scalar.h"
#endif
#else /* __ARM_FEATURE_SHA3 */
#include "x4_v8a_scalar.h"
#endif /* !__ARM_FEATURE_SHA3 */
#endif /* (!MLD_CONFIG_NO_KEYPAIR_API || !MLD_CONFIG_NO_SIGN_API || \
!MLD_CONFIG_REDUCE_RAM) && !MLD_CONFIG_SERIAL_FIPS202_ONLY */
#endif /* !MLD_DEV_FIPS202_AARCH64_AUTO_H */