aes 0.9.0

Pure Rust implementation of the Advanced Encryption Standard (a.k.a. Rijndael)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

//! AES encryption support
//!
//! Note that `aes` target feature implicitly enables `neon`, see:
//! https://doc.rust-lang.org/reference/attributes/codegen.html#aarch64
#![allow(unsafe_op_in_unsafe_fn)]

use crate::Block;
use cipher::{
    array::{Array, ArraySize},
    inout::InOut,
};
use core::{arch::aarch64::*, mem};

/// Perform AES encryption using the given expanded keys.
#[target_feature(enable = "aes")]
pub(super) unsafe fn encrypt<const KEYS: usize>(
    keys: &[uint8x16_t; KEYS],
    block: InOut<'_, '_, Block>,
) {
    assert!(KEYS == 11 || KEYS == 13 || KEYS == 15);
    let (in_ptr, out_ptr) = block.into_raw();
    let mut block = vld1q_u8(in_ptr.cast());

    for &key in &keys[..KEYS - 2] {
        // AES single round encryption
        block = vaeseq_u8(block, key);
        // Mix columns
        block = vaesmcq_u8(block);
    }

    // AES single round encryption
    block = vaeseq_u8(block, keys[KEYS - 2]);
    // Final add (bitwise XOR)
    block = veorq_u8(block, keys[KEYS - 1]);

    vst1q_u8(out_ptr.cast(), block);
}

/// Perform AES decryption using the given expanded keys.
#[target_feature(enable = "aes")]
pub(super) unsafe fn decrypt<const KEYS: usize>(
    keys: &[uint8x16_t; KEYS],
    block: InOut<'_, '_, Block>,
) {
    assert!(KEYS == 11 || KEYS == 13 || KEYS == 15);

    let (in_ptr, out_ptr) = block.into_raw();
    let mut block = vld1q_u8(in_ptr.cast());

    for &key in &keys[..KEYS - 2] {
        // AES single round decryption
        block = vaesdq_u8(block, key);
        // Inverse mix columns
        block = vaesimcq_u8(block);
    }

    // AES single round decryption
    block = vaesdq_u8(block, keys[KEYS - 2]);
    // Final add (bitwise XOR)
    block = veorq_u8(block, keys[KEYS - 1]);

    vst1q_u8(out_ptr.cast(), block);
}

/// Perform parallel AES encryption 8-blocks-at-a-time using the given expanded keys.
#[target_feature(enable = "aes")]
pub(super) unsafe fn encrypt_par<const KEYS: usize, ParBlocks: ArraySize>(
    keys: &[uint8x16_t; KEYS],
    blocks: InOut<'_, '_, Array<Block, ParBlocks>>,
) {
    #[inline(always)]
    unsafe fn par_round<ParBlocks: ArraySize>(
        key: uint8x16_t,
        blocks: &mut Array<uint8x16_t, ParBlocks>,
    ) {
        for block in blocks {
            // AES single round encryption and mix columns
            *block = vaesmcq_u8(vaeseq_u8(*block, key));
        }
    }

    assert!(KEYS == 11 || KEYS == 13 || KEYS == 15);

    let (in_ptr, out_ptr) = blocks.into_raw();
    let in_ptr: *const Block = in_ptr.cast();
    let out_ptr: *mut Block = out_ptr.cast();

    // Load plaintext blocks
    let mut blocks: Array<uint8x16_t, ParBlocks> = mem::zeroed();
    for i in 0..ParBlocks::USIZE {
        blocks[i] = vld1q_u8(in_ptr.add(i).cast());
    }

    // Loop is intentionally not used here to enforce inlining
    par_round(keys[0], &mut blocks);
    par_round(keys[1], &mut blocks);
    par_round(keys[2], &mut blocks);
    par_round(keys[3], &mut blocks);
    par_round(keys[4], &mut blocks);
    par_round(keys[5], &mut blocks);
    par_round(keys[6], &mut blocks);
    par_round(keys[7], &mut blocks);
    par_round(keys[8], &mut blocks);
    if KEYS >= 13 {
        par_round(keys[9], &mut blocks);
        par_round(keys[10], &mut blocks);
    }
    if KEYS == 15 {
        par_round(keys[11], &mut blocks);
        par_round(keys[12], &mut blocks);
    }

    for i in 0..ParBlocks::USIZE {
        // AES single round encryption
        blocks[i] = vaeseq_u8(blocks[i], keys[KEYS - 2]);
        // Final add (bitwise XOR)
        blocks[i] = veorq_u8(blocks[i], keys[KEYS - 1]);
        // Save encrypted blocks
        vst1q_u8(out_ptr.add(i).cast(), blocks[i]);
    }
}

/// Perform parallel AES decryption 8-blocks-at-a-time using the given expanded keys.
#[target_feature(enable = "aes")]
pub(super) unsafe fn decrypt_par<const KEYS: usize, ParBlocks: ArraySize>(
    keys: &[uint8x16_t; KEYS],
    blocks: InOut<'_, '_, Array<Block, ParBlocks>>,
) {
    #[inline(always)]
    unsafe fn par_round<ParBlocks: ArraySize>(
        key: uint8x16_t,
        blocks: &mut Array<uint8x16_t, ParBlocks>,
    ) {
        for block in blocks {
            // AES single round decryption and inverse mix columns
            *block = vaesimcq_u8(vaesdq_u8(*block, key));
        }
    }

    assert!(KEYS == 11 || KEYS == 13 || KEYS == 15);

    let (in_ptr, out_ptr) = blocks.into_raw();
    let in_ptr: *const Block = in_ptr.cast();
    let out_ptr: *mut Block = out_ptr.cast();

    // Load encrypted blocks
    let mut blocks: Array<uint8x16_t, ParBlocks> = mem::zeroed();
    for i in 0..ParBlocks::USIZE {
        blocks[i] = vld1q_u8(in_ptr.add(i).cast());
    }

    // Loop is intentionally not used here to enforce inlining
    par_round(keys[0], &mut blocks);
    par_round(keys[1], &mut blocks);
    par_round(keys[2], &mut blocks);
    par_round(keys[3], &mut blocks);
    par_round(keys[4], &mut blocks);
    par_round(keys[5], &mut blocks);
    par_round(keys[6], &mut blocks);
    par_round(keys[7], &mut blocks);
    par_round(keys[8], &mut blocks);
    if KEYS >= 13 {
        par_round(keys[9], &mut blocks);
        par_round(keys[10], &mut blocks);
    }
    if KEYS == 15 {
        par_round(keys[11], &mut blocks);
        par_round(keys[12], &mut blocks);
    }

    for i in 0..ParBlocks::USIZE {
        // AES single round decryption
        blocks[i] = vaesdq_u8(blocks[i], keys[KEYS - 2]);
        // Final add (bitwise XOR)
        blocks[i] = veorq_u8(blocks[i], keys[KEYS - 1]);
        // Save plaintext blocks
        vst1q_u8(out_ptr.add(i) as *mut u8, blocks[i]);
    }
}