aesni 0.1.1

AES (Rijndael) block cipher implemented using AES-NI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

use core::mem::transmute;
use super::u64x2;

macro_rules! expand_main {
    ($round:expr, $enc_keys:ident, $pos:expr) => {
        asm!(concat!(
            "aeskeygenassist xmm2, xmm3, ", $round,
            "
            pshufd xmm2, xmm2, 0xff

            movdqa xmm4, xmm1
            pslldq xmm4, 0x4
            pxor xmm1, xmm4

            pslldq xmm4, 0x4
            pxor xmm1, xmm4

            pslldq xmm4, 0x4
            pxor xmm1, xmm4

            pxor xmm1, xmm2
            ")
            : "={xmm1}"($enc_keys[$pos])
            : "{xmm3}"($enc_keys[$pos-1]), "{xmm1}"($enc_keys[$pos-2])
            : "xmm2", "xmm4"
            : "intel", "alignstack", "volatile"
        );
    }
}

macro_rules! expand_round_last {
    ($round:expr, $enc_keys:ident, $dec_keys:ident, $pos:expr) => {
        expand_main!($round, $enc_keys, $pos);
        $dec_keys[$pos] = $enc_keys[$pos];
    }
}

macro_rules! expand_round {
    ($round:expr, $enc_keys:ident, $dec_keys:ident, $pos:expr) => {
        expand_main!($round, $enc_keys, $pos);

        let n = $pos+1;
        asm!("
            aeskeygenassist xmm4, xmm1, 0x00

            pshufd xmm2, xmm4, 0xaa

            movdqa xmm4, xmm3
            pslldq xmm4, 0x4
            pxor xmm3, xmm4

            pslldq xmm4, 0x4
            pxor xmm3, xmm4

            pslldq xmm4, 0x4
            pxor xmm3, xmm4

            pxor xmm3, xmm2
            aesimc xmm0, xmm1
            aesimc xmm5, xmm3
            "
            : "={xmm3}"($enc_keys[n]),
                "={xmm0}"($dec_keys[$pos]), "={xmm5}"($dec_keys[n])
            : "{xmm1}"($enc_keys[$pos]), "{xmm3}"($enc_keys[$pos-1])
            : "xmm2", "xmm4"
            : "intel", "alignstack", "volatile"
        );
    }
}

#[inline]
pub(super) fn expand(key: &[u8; 32]) -> ([u64x2; 15], [u64x2; 15]) {
    let key = *key;
    let mut enc_keys = [u64x2(0, 0); 15];
    let mut dec_keys = [u64x2(0, 0); 15];

    unsafe {
        let mut k1 = [0u8; 16];
        let mut k2 = [0u8; 16];
        k1.copy_from_slice(&key[..16]);
        k2.copy_from_slice(&key[16..]);
        // Here we use the fact that all x86 and x86_64 CPUs are little-endian
        enc_keys[0] = transmute(k1);
        dec_keys[0] = enc_keys[0];
        enc_keys[1] = transmute(k2);

        asm!(
            "aesimc xmm0, xmm1"
            : "={xmm0}"(dec_keys[1])
            : "{xmm1}"(enc_keys[1])
            :
            : "intel", "alignstack"
        );

        expand_round!("0x01", enc_keys, dec_keys, 2);
        expand_round!("0x02", enc_keys, dec_keys, 4);
        expand_round!("0x04", enc_keys, dec_keys, 6);
        expand_round!("0x08", enc_keys, dec_keys, 8);
        expand_round!("0x10", enc_keys, dec_keys, 10);
        expand_round!("0x20", enc_keys, dec_keys, 12);
        expand_round_last!("0x40", enc_keys, dec_keys, 14);
    }

    (enc_keys, dec_keys)
}