Extract ML-KEM SIMD code to C

Cargo.toml

@@ -10,11 +10,8 @@ members = [
     "libcrux-ml-kem",
     "libcrux-simd",
     "libcrux-sha3",
-    "polynomials",
-    "polynomials-avx2",
-    "traits",
-    "polynomials-aarch64",
     "libcrux-ml-dsa",
+    "libcrux-intrinsics",
 ]
 
 [workspace.package]

benchmarks/benches/boringssl/CMakeLists.txt

@@ -20,7 +20,7 @@ FetchContent_MakeAvailable(benchmark)
 FetchContent_Declare(
   boringssl
   GIT_REPOSITORY https://boringssl.googlesource.com/boringssl
-  GIT_TAG        1e3da32f3754b1b9136247ee26308cfd959cbeba
+  GIT_TAG        1eda2363f9e79aaa5febe91d31b6756ae4f24f30
 )
 FetchContent_MakeAvailable(boringssl)
 

benchmarks/benches/boringssl/kyber768.cxx

@@ -2,7 +2,7 @@
 #include <stdlib.h>
 
 #include <openssl/bytestring.h>
-#include <openssl/kyber.h>
+#include <openssl/experimental/kyber.h>
 
 #include <benchmark/benchmark.h>
 
@@ -48,7 +48,7 @@ static void BM_Encapsulation(benchmark::State &state) {
       state.SkipWithError("Error: KYBER_parse_public_key");
     }
 
-    KYBER_encap(ciphertext, shared_secret, sizeof(shared_secret), &pub);
+    KYBER_encap(ciphertext, shared_secret, &pub);
   }
 }
 
@@ -87,7 +87,7 @@ static void BM_Decapsulation(benchmark::State &state) {
       state.SkipWithError("Error: KYBER_parse_private_key()");
     }
 
-    KYBER_decap(shared_secret, sizeof(shared_secret), ciphertext, &priv);
+    KYBER_decap(shared_secret, ciphertext, &priv);
   }
 }
 

benchmarks/benches/boringssl/shake.cxx

@@ -1,7 +1,7 @@
 #include <stdlib.h>
 #include <string>
 
-#include "crypto/kyber/internal.h"
+#include "crypto/keccak/internal.h"
 
 #include <benchmark/benchmark.h>
 
@@ -16,8 +16,10 @@ static void BM_SHAKE128(benchmark::State &state) {
   uint8_t output[SHAKE128_BYTES_TO_OUTPUT];
 
   for (auto _ : state) {
-    BORINGSSL_keccak(output, SHAKE128_BYTES_TO_OUTPUT, input, sizeof(input),
-                     boringssl_shake128);
+      struct BORINGSSL_keccak_st keccak_ctx;
+      BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake128);
+      BORINGSSL_keccak_absorb(&keccak_ctx, input, sizeof(input));
+      BORINGSSL_keccak_squeeze(&keccak_ctx, output, sizeof(output));
   }
 }
 
@@ -32,8 +34,10 @@ static void BM_SHAKE256(benchmark::State &state) {
   uint8_t output[SHAKE256_BYTES_TO_OUTPUT];
 
   for (auto _ : state) {
-    BORINGSSL_keccak(output, SHAKE256_BYTES_TO_OUTPUT, input, sizeof(input),
-                     boringssl_shake256);
+      struct BORINGSSL_keccak_st keccak_ctx;
+      BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256);
+      BORINGSSL_keccak_absorb(&keccak_ctx, input, sizeof(input));
+      BORINGSSL_keccak_squeeze(&keccak_ctx, output, sizeof(output));
   }
 }
 

libcrux-intrinsics/Cargo.toml

@@ -0,0 +1,23 @@
+[package]
+name = "libcrux-intrinsics"
+version.workspace = true
+authors.workspace = true
+license.workspace = true
+homepage.workspace = true
+edition.workspace = true
+repository.workspace = true
+readme.workspace = true
+
+[dependencies]
+# libcrux-platform = { version = "0.0.2-pre.2", path = "../sys/platform" }
+
+# This is only required for verification.
+# The hax config is set by the hax toolchain.
+[target.'cfg(hax)'.dependencies]
+hax-lib = { git = "https://github.com/hacspec/hax/" }
+
+[features]
+simd128 = []
+simd256 = []
+
+[dev-dependencies]

polynomials/build.rs → libcrux-intrinsics/build.rs

@@ -2,21 +2,20 @@ use std::env;
 
 fn main() {
     let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap();
-    let disable_simd128 = match env::var("LIBCRUX_DISABLE_SIMD128") {
-        Ok(s) => s == "1" || s == "y" || s == "Y",
-        Err(_) => false,
-    };
+    let disable_simd128 = read_env("LIBCRUX_DISABLE_SIMD128");
+    let disable_simd256 = read_env("LIBCRUX_DISABLE_SIMD256");
 
-    let disable_simd256 = match env::var("LIBCRUX_DISABLE_SIMD256") {
-        Ok(s) => s == "1" || s == "y" || s == "Y",
-        Err(_) => false,
-    };
+    // Force a simd build. Make sure you know what you're doing.
+    let enable_simd128 = read_env("LIBCRUX_ENABLE_SIMD128");
+    let enable_simd256 = read_env("LIBCRUX_ENABLE_SIMD256");
 
-    if target_arch == "aarch64" && !disable_simd128 {
+    let simd128_possible = target_arch == "aarch64";
+    if (simd128_possible || enable_simd128) && !disable_simd128 {
         // We enable simd128 on all aarch64 builds.
         println!("cargo:rustc-cfg=feature=\"simd128\"");
     }
-    if target_arch == "x86_64" && !disable_simd256 {
+    let simd126_possible = target_arch == "x86_64";
+    if (simd126_possible || enable_simd256) && !disable_simd256 {
         // We enable simd256 on all x86_64 builds.
         // Note that this doesn't mean the required CPU features are available.
         // But the compiler will support them and the runtime checks ensure that
@@ -26,3 +25,10 @@ fn main() {
         println!("cargo:rustc-cfg=feature=\"simd256\"");
     }
 }
+
+fn read_env(key: &str) -> bool {
+    match env::var(key) {
+        Ok(s) => s == "1" || s == "y" || s == "Y",
+        Err(_) => false,
+    }
+}