gmcrypto-simd 1.3.0

SIMD backends for gmcrypto-core — AVX2 (x86_64) and NEON (aarch64) packed bitsliced SM4 S-box, quarantined to keep `gmcrypto-core` `unsafe_code = forbid`
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

//! SIMD backends for `gmcrypto-core` (v0.5 W4 phase 2 / v0.6 W6).
//!
//! This crate quarantines the unavoidable SIMD `unsafe` (AVX2
//! intrinsics on `x86_64`, NEON on `aarch64`) so that
//! `gmcrypto-core` itself can keep `unsafe_code = "forbid"`. The
//! posture mirrors the established [`gmcrypto-c`] precedent (FFI
//! shim with `unsafe_code = "warn"`).
//!
//! **No stable Rust API.** The crate exposes a small Rust-internal API
//! surface only (no raw pointers, no C ABI), present solely for
//! `gmcrypto-core`'s cross-crate use. Every public entry point is
//! `#[doc(hidden)]` and **not covered by SemVer** — it may change or be
//! removed in any release without notice. It is `rlib`-only; the supported
//! downstream surfaces are the `gmcrypto-core` Rust API and the
//! [`gmcrypto-c`] C ABI. Internal cross-crate use stays sound via the
//! workspace's lockstep publishing policy (sibling crates release together;
//! exact-version sibling pins enforced at the 1.0 publish).
//!
//! # v0.5 W4 phase 2 scope
//!
//! - x86_64 AVX2 8-way packed bitsliced SM4 S-box
//!   ([`sm4::sbox_x8::sbox_x8`]), with runtime AVX2 detection via
//!   the `cpufeatures` crate and silent scalar fallback on non-AVX2
//!   CPUs. 8 input bytes occupy the low lanes of the 256-bit
//!   register; the upper 24 lanes are unused.
//!
//! # v0.6 W6 (phase 3) scope
//!
//! - x86_64 AVX2 32-byte full-width packed bitsliced S-box
//!   ([`sm4::sbox_x32::sbox_x32`]). The intended consumer is an
//!   8-block CBC-decrypt batch fanout in `gmcrypto-core` (8 SM4
//!   blocks × 4 `tau` bytes per round = 32 bytes per call, zero
//!   wasted lanes).
//! - aarch64 NEON 16-byte packed bitsliced S-box
//!   ([`sm4::sbox_x16::sbox_x16`]). NEON is the architectural
//!   baseline on aarch64 (Q5.12 / Q6.3 of the v0.5 / v0.6 scope
//!   docs); compile-time gated, no runtime detect.
//!
//! [`gmcrypto-c`]: https://docs.rs/gmcrypto-c

#![no_std]
// v0.5 W4 phase 2 / v0.6 W6 — this crate is the SIMD-intrinsic
// backend (mirroring `gmcrypto-c`'s FFI-shim posture).
// `core::arch::*` intrinsics are all `unsafe fn`, and
// `#[target_feature(enable = "...")] unsafe fn` is the only
// stable-Rust path on MSRV 1.85 to combine runtime CPU dispatch
// with intrinsic calls. Every `unsafe` block / fn declaration
// carries a `// SAFETY:` comment naming the architectural /
// runtime-detect precondition. The Cargo.toml lint
// `unsafe_code = "warn"` documents intent; this crate-level
// `allow` keeps the per-decl noise out of the review surface
// (same pattern as `gmcrypto-c`'s `src/lib.rs`).
// `gmcrypto-core` itself stays `unsafe_code = "forbid"`.
#![allow(unsafe_code)]

// v0.21 (Q21.5 of `docs/v0.21-scope.md`) — internal-backend contract. Every
// item below is `pub` only so `gmcrypto-core` can call it across the crate
// boundary; it is NOT a stable Rust API. All entry points are `#[doc(hidden)]`
// (kept out of rustdoc + the committed public-api baseline) and not covered by
// SemVer for any external consumer. Internal cross-crate use stays sound via the
// workspace's lockstep publishing policy (sibling crates release together;
// exact-version sibling pins enforced at the 1.0 publish).
#[doc(hidden)]
pub mod ghash;
#[doc(hidden)]
pub mod sm4;

mod detect;

#[doc(hidden)]
pub use detect::{has_avx2, has_pclmulqdq, has_pmull};
#[doc(hidden)]
pub use ghash::ghash_mul;