Create x1 bit interleaving functions with MVE acceleration

Author: bremoran

mlkem/src/fips202/keccakf1600.c

@@ -38,6 +38,12 @@ void mlk_keccakf1600_extract_bytes(uint64_t *state, unsigned char *data,
                                    unsigned offset, unsigned length)
 {
   unsigned i;
+#if defined(MLK_USE_FIPS202_X1_EXTRACT_BYTES_NATIVE)
+  if(mlk_keccakf1600_extract_bytes_x1_native(state, data, offset, length) == MLK_NATIVE_FUNC_SUCCESS)
+  {
+    return;
+  }
+#endif
 #if defined(MLK_SYS_LITTLE_ENDIAN)
   uint8_t *state_ptr = (uint8_t *)state + offset;
   for (i = 0; i < length; i++)
@@ -46,6 +52,7 @@ void mlk_keccakf1600_extract_bytes(uint64_t *state, unsigned char *data,
     data[i] = state_ptr[i];
   }
 #else  /* MLK_SYS_LITTLE_ENDIAN */
+  unsigned i;
   /* Portable version */
   for (i = 0; i < length; i++)
   __loop__(invariant(i <= length))
@@ -59,6 +66,11 @@ void mlk_keccakf1600_xor_bytes(uint64_t *state, const unsigned char *data,
                                unsigned offset, unsigned length)
 {
   unsigned i;
+#if defined(MLK_USE_FIPS202_X1_XOR_BYTES_NATIVE)
+  if (mlk_keccakf1600_xor_bytes_x1_native(state, data, offset, length) == MLK_NATIVE_FUNC_SUCCESS) {
+    return;
+  }
+#endif
 #if defined(MLK_SYS_LITTLE_ENDIAN)
   uint8_t *state_ptr = (uint8_t *)state + offset;
   for (i = 0; i < length; i++)

mlkem/src/fips202/native/armv81m/mve.h

@@ -11,6 +11,9 @@
 /* Part of backend API */
 #define MLK_USE_FIPS202_X1_NATIVE
 #define MLK_USE_FIPS202_X4_NATIVE
+#define MLK_USE_FIPS202_X1_XOR_BYTES_NATIVE
+#define MLK_USE_FIPS202_X1_EXTRACT_BYTES_NATIVE
+
 /* Guard for assembly files */
 #define MLK_FIPS202_ARMV81M_NEED_X1
 #define MLK_FIPS202_ARMV81M_NEED_X4
@@ -39,6 +42,41 @@ static MLK_INLINE int mlk_keccak_f1600_x4_native(uint64_t *state)
   return mlk_keccak_f1600_x4_native_impl(state);
 }
 
+/*
+ * Native x1 XOR bytes (with on-the-fly bit interleaving)
+ */
+#define mlk_keccak_f1600_x1_state_xor_bytes_impl \
+  MLK_NAMESPACE(mlk_keccak_f1600_x1_state_xor_bytes_impl)
+void mlk_keccak_f1600_x1_state_xor_bytes_impl(uint64_t *state, const uint8_t *data,
+                                         unsigned offset,
+                                         unsigned length);
+
+MLK_MUST_CHECK_RETURN_VALUE
+static MLK_INLINE int mlk_keccakf1600_xor_bytes_x1_native(
+    uint64_t *state, const uint8_t *data, unsigned offset,
+    unsigned length)
+{
+  mlk_keccak_f1600_x1_state_xor_bytes_impl(state, data, offset, length);
+  return MLK_NATIVE_FUNC_SUCCESS;
+}
+
+/*
+ * Native x1 extract bytes (with on-the-fly bit de-interleaving)
+ */
+#define mlk_keccak_f1600_x1_state_extract_bytes_impl \
+  MLK_NAMESPACE(mlk_keccak_f1600_x1_state_extract_bytes_impl)
+void mlk_keccak_f1600_x1_state_extract_bytes_impl(uint64_t *state, uint8_t *data,
+                                             unsigned offset,
+                                             unsigned length);
+
+MLK_MUST_CHECK_RETURN_VALUE
+static MLK_INLINE int mlk_keccakf1600_extract_bytes_x1_native(
+    uint64_t *state, uint8_t *data, unsigned offset, unsigned length)
+{
+  mlk_keccak_f1600_x1_state_extract_bytes_impl(state, data, offset, length);
+  return MLK_NATIVE_FUNC_SUCCESS;
+}
+
 #endif /* !__ASSEMBLER__ */
 
 #endif /* !MLK_FIPS202_NATIVE_ARMV81M_MVE_H */

mlkem/src/fips202/native/armv81m/src/fips202_native_armv81m.h

@@ -20,4 +20,15 @@ void mlk_keccak_f1600_x4_mve_asm(uint64_t state[100], uint64_t tmpstate[100],
 #define mlk_keccak_f1600_x1_armv7m_asm MLK_NAMESPACE(keccak_f1600_x1_armv7m_asm)
 void mlk_keccak_f1600_x1_armv7m_asm(uint32_t state[50], const uint32_t rc[49]);
 
+#define mlk_keccak_f1600_x1_state_xor_bytes_asm MLK_NAMESPACE(keccak_f1600_x1_state_xor_bytes_asm)
+void mlk_keccak_f1600_x1_state_xor_bytes_asm(
+    uint64_t *state, const uint8_t *data, unsigned offset,
+    unsigned length);
+
+#define mlk_keccak_f1600_x1_state_extract_bytes_asm MLK_NAMESPACE(keccak_f1600_x1_state_extract_bytes_asm)
+void mlk_keccak_f1600_x1_state_extract_bytes_asm(
+    uint64_t *state, const uint8_t *data, unsigned offset,
+    unsigned length);
+
+
 #endif /* !MLK_FIPS202_NATIVE_ARMV81M_SRC_FIPS202_NATIVE_ARMV81M_H */

mlkem/src/fips202/native/armv81m/src/keccak_f1600_x1_armv7m.c

@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) The mlkem-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+
+#include "../../../../common.h"
+#include "../../../../verify.h"
+
+#if defined(MLK_FIPS202_ARMV81M_NEED_X1) && \
+    !defined(MLK_CONFIG_MULTILEVEL_NO_SHARED)
+
+#include <stdint.h>
+#include "fips202_native_armv81m.h"
+
+void mlk_keccak_f1600_x1_state_extract_bytes_impl(
+    uint64_t *state, uint8_t *data, unsigned offset,
+    unsigned length)
+{
+  mlk_keccak_f1600_x1_state_extract_bytes_asm(state, data, offset, length);
+}
+
+void mlk_keccak_f1600_x1_state_xor_bytes_impl(
+    uint64_t *state, const uint8_t *data, unsigned offset,
+    unsigned length)
+{
+  mlk_keccak_f1600_x1_state_xor_bytes_asm(state, data, offset, length);
+}
+
+
+#define mlk_keccak_f1600_x1_native_impl \
+  MLK_NAMESPACE(keccak_f1600_x1_native_impl)
+int mlk_keccak_f1600_x1_native_impl(uint64_t *state)
+{
+  /* Run the permutation */
+  mlk_keccak_f1600_x1_armv7m_asm((void*)state, mlk_keccakf1600_round_constants);
+  return MLK_NATIVE_FUNC_SUCCESS;
+}
+
+#else /* MLK_FIPS202_ARMV81M_NEED_X1 && !MLK_CONFIG_MULTILEVEL_NO_SHARED */
+
+MLK_EMPTY_CU(keccak_f1600_x1_armv7m)
+
+#endif /* !(MLK_FIPS202_ARMV81M_NEED_X1 && !MLK_CONFIG_MULTILEVEL_NO_SHARED) \
+        */
+
+/* To facilitate single-compilation-unit (SCU) builds, undefine all macros.
+ * Don't modify by hand -- this is auto-generated by scripts/autogen. */
+/* Some macros are kept because they are also defined in a header. */
+/* Keep: mlk_keccak_f1600_x1_native_impl (mve.h) */