implement runtime feature detection for Aarch64

Enable AArch64 feature detection

Bump versions

Update changelog

Include ml-kem, bump versions

Falcon should not be bumped

Should be a semantic bump

Author: thomwiggers

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## 2025-03-03
+* Actually enable runtime feature detection on AArch64
+
 ## 2025-02-27
 * Update PQClean to today's version
     * Update SPHINCS+ for some minor improvements. This is not yet SLH-DSA.

generate-implementations.py

@@ -11,6 +11,7 @@
 DEFAULT_X86_AES_GUARD = 'target_arch == "x86_64" && aes_enabled'
 DEFAULT_X86_AVX2_GUARD = 'target_arch == "x86_64" && avx2_enabled'
 DEFAULT_AARCH64_NEON_GUARD = 'target_arch == "aarch64" && neon_enabled'
+DEFAULT_AARCH64_SHA3_GUARD = 'target_arch == "aarch64" && aarch64_sha3_enabled'
 
 
 def read_yaml():
@@ -33,6 +34,8 @@ def nameize(value):
 
 def render_template(target_dir, target_file, template_file, **templ_vars):
     def namespaceize(value):
+        if value == "aarch64_sha3":
+            value = "aarch64"
         return re.sub(r'(\s|[-_])', '', value).upper()
 
     env = jinja2.Environment(
@@ -87,6 +90,7 @@ def generate_scheme(name, type, properties):
         x86_aes_guard=properties.get('x86_aes_guard', DEFAULT_X86_AES_GUARD),
         x86_avx2_guard=properties.get('x86_avx2_guard', DEFAULT_X86_AVX2_GUARD),
         aarch64_neon_guard=properties.get('aarch64_neon_guard', DEFAULT_AARCH64_NEON_GUARD),
+        aarch64_sha3_guard=properties.get('aarch64_sha3_guard', DEFAULT_AARCH64_SHA3_GUARD),
     )
 
     metadatas = dict()

implementations.yaml

@@ -5,16 +5,16 @@ traits_version: 0.3.5
 
 kems:
   mlkem:
-    version: 0.1.0
+    version: 0.2.0
     x86_avx2_guard: 'target_arch == "x86_64" && avx2_enabled && !is_windows && !is_macos'
-    implementations: [clean, avx2, aarch64]
+    implementations: [clean, avx2, aarch64_sha3]
     schemes:
       - name: ml-kem-512
-        implementations: [clean, avx2, aarch64]
+        implementations: [clean, avx2, aarch64_sha3]
       - name: ml-kem-768
-        implementations: [clean, avx2, aarch64]
+        implementations: [clean, avx2, aarch64_sha3]
       - name: ml-kem-1024
-        implementations: [clean, avx2, aarch64]
+        implementations: [clean, avx2, aarch64_sha3]
   classicmceliece:
     version: 0.2.0
     notes: |
@@ -63,17 +63,17 @@ kems:
 
 signs:
   mldsa:
-    version: 0.1.1
+    version: 0.2.0
     x86_avx2_guard: 'target_arch == "x86_64" && avx2_enabled && !is_windows'
-    implementations: [clean, avx2, aarch64]
+    implementations: [clean, avx2, aarch64_sha3]
     supports_context: true
     schemes:
       - name: ml-dsa-44
-        implementations: [clean, avx2, aarch64]
+        implementations: [clean, avx2, aarch64_sha3]
       - name: ml-dsa-65
-        implementations: [clean, avx2, aarch64]
+        implementations: [clean, avx2, aarch64_sha3]
       - name: ml-dsa-87
-        implementations: [clean, avx2, aarch64]
+        implementations: [clean, avx2, aarch64_sha3]
   falcon:
     version: 0.4.0
     implementations: [clean, avx2, aarch64]

pqcrypto-classicmceliece/build.rs

@@ -9,8 +9,10 @@ macro_rules! build_clean {
         let internals_include_path = &std::env::var("DEP_PQCRYPTO_INTERNALS_INCLUDEPATH").unwrap();
         let common_dir = Path::new("pqclean/common");
 
+        let implementation_dir = "clean";
+
         let mut builder = cc::Build::new();
-        let target_dir: PathBuf = ["pqclean", "crypto_kem", $variant, "clean"]
+        let target_dir: PathBuf = ["pqclean", "crypto_kem", $variant, implementation_dir]
             .iter()
             .collect();
 
@@ -41,8 +43,12 @@ macro_rules! build_avx2 {
         let internals_include_path = &std::env::var("DEP_PQCRYPTO_INTERNALS_INCLUDEPATH").unwrap();
         let common_dir = Path::new("pqclean/common");
 
+        let implementation_dir = "avx2";
+
         let mut builder = cc::Build::new();
-        let target_dir: PathBuf = ["pqclean", "crypto_kem", $variant, "avx2"].iter().collect();
+        let target_dir: PathBuf = ["pqclean", "crypto_kem", $variant, implementation_dir]
+            .iter()
+            .collect();
 
         let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap();
         if target_os == "wasi" {
@@ -86,6 +92,8 @@ fn main() {
     #[allow(unused_variables)]
     let neon_enabled = env::var("CARGO_FEATURE_NEON").is_ok();
     #[allow(unused_variables)]
+    let aarch64_sha3_enabled = env::var("CARGO_FEATURE_AARCH64_SHA3").is_ok();
+    #[allow(unused_variables)]
     let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap();
     #[allow(unused_variables)]
     let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap();

pqcrypto-classicmceliece/src/mceliece348864.rs

@@ -132,7 +132,7 @@ macro_rules! gen_keypair {
 pub fn keypair() -> (PublicKey, SecretKey) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return gen_keypair!(PQCLEAN_MCELIECE348864_AVX2_crypto_kem_keypair);
         }
     }
@@ -155,7 +155,7 @@ macro_rules! encap {
 pub fn encapsulate(pk: &PublicKey) -> (SharedSecret, Ciphertext) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return encap!(PQCLEAN_MCELIECE348864_AVX2_crypto_kem_enc, pk);
         }
     }
@@ -177,7 +177,7 @@ macro_rules! decap {
 pub fn decapsulate(ct: &Ciphertext, sk: &SecretKey) -> SharedSecret {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return decap!(PQCLEAN_MCELIECE348864_AVX2_crypto_kem_dec, ct, sk);
         }
     }

pqcrypto-classicmceliece/src/mceliece348864f.rs

@@ -135,7 +135,7 @@ macro_rules! gen_keypair {
 pub fn keypair() -> (PublicKey, SecretKey) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return gen_keypair!(PQCLEAN_MCELIECE348864F_AVX2_crypto_kem_keypair);
         }
     }
@@ -158,7 +158,7 @@ macro_rules! encap {
 pub fn encapsulate(pk: &PublicKey) -> (SharedSecret, Ciphertext) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return encap!(PQCLEAN_MCELIECE348864F_AVX2_crypto_kem_enc, pk);
         }
     }
@@ -180,7 +180,7 @@ macro_rules! decap {
 pub fn decapsulate(ct: &Ciphertext, sk: &SecretKey) -> SharedSecret {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return decap!(PQCLEAN_MCELIECE348864F_AVX2_crypto_kem_dec, ct, sk);
         }
     }

pqcrypto-classicmceliece/src/mceliece460896.rs

@@ -132,7 +132,7 @@ macro_rules! gen_keypair {
 pub fn keypair() -> (PublicKey, SecretKey) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return gen_keypair!(PQCLEAN_MCELIECE460896_AVX2_crypto_kem_keypair);
         }
     }
@@ -155,7 +155,7 @@ macro_rules! encap {
 pub fn encapsulate(pk: &PublicKey) -> (SharedSecret, Ciphertext) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return encap!(PQCLEAN_MCELIECE460896_AVX2_crypto_kem_enc, pk);
         }
     }
@@ -177,7 +177,7 @@ macro_rules! decap {
 pub fn decapsulate(ct: &Ciphertext, sk: &SecretKey) -> SharedSecret {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return decap!(PQCLEAN_MCELIECE460896_AVX2_crypto_kem_dec, ct, sk);
         }
     }

pqcrypto-classicmceliece/src/mceliece460896f.rs

@@ -135,7 +135,7 @@ macro_rules! gen_keypair {
 pub fn keypair() -> (PublicKey, SecretKey) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return gen_keypair!(PQCLEAN_MCELIECE460896F_AVX2_crypto_kem_keypair);
         }
     }
@@ -158,7 +158,7 @@ macro_rules! encap {
 pub fn encapsulate(pk: &PublicKey) -> (SharedSecret, Ciphertext) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return encap!(PQCLEAN_MCELIECE460896F_AVX2_crypto_kem_enc, pk);
         }
     }
@@ -180,7 +180,7 @@ macro_rules! decap {
 pub fn decapsulate(ct: &Ciphertext, sk: &SecretKey) -> SharedSecret {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return decap!(PQCLEAN_MCELIECE460896F_AVX2_crypto_kem_dec, ct, sk);
         }
     }

pqcrypto-classicmceliece/src/mceliece6688128.rs

@@ -135,7 +135,7 @@ macro_rules! gen_keypair {
 pub fn keypair() -> (PublicKey, SecretKey) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return gen_keypair!(PQCLEAN_MCELIECE6688128_AVX2_crypto_kem_keypair);
         }
     }
@@ -158,7 +158,7 @@ macro_rules! encap {
 pub fn encapsulate(pk: &PublicKey) -> (SharedSecret, Ciphertext) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return encap!(PQCLEAN_MCELIECE6688128_AVX2_crypto_kem_enc, pk);
         }
     }
@@ -180,7 +180,7 @@ macro_rules! decap {
 pub fn decapsulate(ct: &Ciphertext, sk: &SecretKey) -> SharedSecret {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return decap!(PQCLEAN_MCELIECE6688128_AVX2_crypto_kem_dec, ct, sk);
         }
     }

pqcrypto-classicmceliece/src/mceliece6688128f.rs

@@ -135,7 +135,7 @@ macro_rules! gen_keypair {
 pub fn keypair() -> (PublicKey, SecretKey) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return gen_keypair!(PQCLEAN_MCELIECE6688128F_AVX2_crypto_kem_keypair);
         }
     }
@@ -158,7 +158,7 @@ macro_rules! encap {
 pub fn encapsulate(pk: &PublicKey) -> (SharedSecret, Ciphertext) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return encap!(PQCLEAN_MCELIECE6688128F_AVX2_crypto_kem_enc, pk);
         }
     }
@@ -180,7 +180,7 @@ macro_rules! decap {
 pub fn decapsulate(ct: &Ciphertext, sk: &SecretKey) -> SharedSecret {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return decap!(PQCLEAN_MCELIECE6688128F_AVX2_crypto_kem_dec, ct, sk);
         }
     }

pqcrypto-classicmceliece/src/mceliece6960119.rs

@@ -135,7 +135,7 @@ macro_rules! gen_keypair {
 pub fn keypair() -> (PublicKey, SecretKey) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return gen_keypair!(PQCLEAN_MCELIECE6960119_AVX2_crypto_kem_keypair);
         }
     }
@@ -158,7 +158,7 @@ macro_rules! encap {
 pub fn encapsulate(pk: &PublicKey) -> (SharedSecret, Ciphertext) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return encap!(PQCLEAN_MCELIECE6960119_AVX2_crypto_kem_enc, pk);
         }
     }
@@ -180,7 +180,7 @@ macro_rules! decap {
 pub fn decapsulate(ct: &Ciphertext, sk: &SecretKey) -> SharedSecret {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return decap!(PQCLEAN_MCELIECE6960119_AVX2_crypto_kem_dec, ct, sk);
         }
     }

pqcrypto-classicmceliece/src/mceliece6960119f.rs

@@ -135,7 +135,7 @@ macro_rules! gen_keypair {
 pub fn keypair() -> (PublicKey, SecretKey) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return gen_keypair!(PQCLEAN_MCELIECE6960119F_AVX2_crypto_kem_keypair);
         }
     }
@@ -158,7 +158,7 @@ macro_rules! encap {
 pub fn encapsulate(pk: &PublicKey) -> (SharedSecret, Ciphertext) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return encap!(PQCLEAN_MCELIECE6960119F_AVX2_crypto_kem_enc, pk);
         }
     }
@@ -180,7 +180,7 @@ macro_rules! decap {
 pub fn decapsulate(ct: &Ciphertext, sk: &SecretKey) -> SharedSecret {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return decap!(PQCLEAN_MCELIECE6960119F_AVX2_crypto_kem_dec, ct, sk);
         }
     }

pqcrypto-classicmceliece/src/mceliece8192128.rs

@@ -135,7 +135,7 @@ macro_rules! gen_keypair {
 pub fn keypair() -> (PublicKey, SecretKey) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return gen_keypair!(PQCLEAN_MCELIECE8192128_AVX2_crypto_kem_keypair);
         }
     }
@@ -158,7 +158,7 @@ macro_rules! encap {
 pub fn encapsulate(pk: &PublicKey) -> (SharedSecret, Ciphertext) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return encap!(PQCLEAN_MCELIECE8192128_AVX2_crypto_kem_enc, pk);
         }
     }
@@ -180,7 +180,7 @@ macro_rules! decap {
 pub fn decapsulate(ct: &Ciphertext, sk: &SecretKey) -> SharedSecret {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return decap!(PQCLEAN_MCELIECE8192128_AVX2_crypto_kem_dec, ct, sk);
         }
     }

pqcrypto-classicmceliece/src/mceliece8192128f.rs

@@ -135,7 +135,7 @@ macro_rules! gen_keypair {
 pub fn keypair() -> (PublicKey, SecretKey) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return gen_keypair!(PQCLEAN_MCELIECE8192128F_AVX2_crypto_kem_keypair);
         }
     }
@@ -158,7 +158,7 @@ macro_rules! encap {
 pub fn encapsulate(pk: &PublicKey) -> (SharedSecret, Ciphertext) {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return encap!(PQCLEAN_MCELIECE8192128F_AVX2_crypto_kem_enc, pk);
         }
     }
@@ -180,7 +180,7 @@ macro_rules! decap {
 pub fn decapsulate(ct: &Ciphertext, sk: &SecretKey) -> SharedSecret {
     #[cfg(all(enable_x86_avx2, feature = "avx2"))]
     {
-        if std::is_x86_feature_detected!("avx2") {
+        if std::arch::is_x86_feature_detected!("avx2") {
             return decap!(PQCLEAN_MCELIECE8192128F_AVX2_crypto_kem_dec, ct, sk);
         }
     }