RubyGems - pq_crypto - Versions diffs - 0.4.2 → 0.5.0 - Mend

pq_crypto 0.4.2 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (408) hide show

data/ext/pqcrypto/vendor/mlkem-native/mlkem/src/fips202/native/armv81m/src/keccakf1600_round_constants.c ADDED Viewed

@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) The mlkem-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+#include "../../../../common.h"
+#if defined(MLK_FIPS202_ARMV81M_NEED_X4) && \
+    !defined(MLK_CONFIG_MULTILEVEL_NO_SHARED)
+#include "fips202_native_armv81m.h"
+/*
+ * Keccak round constants in bit-interleaved form.
+ * Each 64-bit constant is split into two 32-bit words:
+ * - low word contains even-indexed bits
+ * - high word contains odd-indexed bits
+ */
+MLK_ALIGN const uint32_t mlk_keccakf1600_round_constants[48] = {
+    0x00000001, 0x00000000, /* RC0 */
+    0x00000000, 0x00000089, /* RC1 */
+    0x00000000, 0x8000008b, /* RC2 */
+    0x00000000, 0x80008080, /* RC3 */
+    0x00000001, 0x0000008b, /* RC4 */
+    0x00000001, 0x00008000, /* RC5 */
+    0x00000001, 0x80008088, /* RC6 */
+    0x00000001, 0x80000082, /* RC7 */
+    0x00000000, 0x0000000b, /* RC8 */
+    0x00000000, 0x0000000a, /* RC9 */
+    0x00000001, 0x00008082, /* RC10 */
+    0x00000000, 0x00008003, /* RC11 */
+    0x00000001, 0x0000808b, /* RC12 */
+    0x00000001, 0x8000000b, /* RC13 */
+    0x00000001, 0x8000008a, /* RC14 */
+    0x00000001, 0x80000081, /* RC15 */
+    0x00000000, 0x80000081, /* RC16 */
+    0x00000000, 0x80000008, /* RC17 */
+    0x00000000, 0x00000083, /* RC18 */
+    0x00000000, 0x80008003, /* RC19 */
+    0x00000001, 0x80008088, /* RC20 */
+    0x00000000, 0x80000088, /* RC21 */
+    0x00000001, 0x00008000, /* RC22 */
+    0x00000000, 0x80008082, /* RC23 */
+};
+#else /* MLK_FIPS202_ARMV81M_NEED_X4 && !MLK_CONFIG_MULTILEVEL_NO_SHARED */
+MLK_EMPTY_CU(fips202_armv81m_round_constants)
+#endif /* !(MLK_FIPS202_ARMV81M_NEED_X4 && !MLK_CONFIG_MULTILEVEL_NO_SHARED) \
+        */

data/ext/pqcrypto/vendor/mlkem-native/mlkem/src/fips202/native/armv81m/src/state_extract_bytes_x4_mve.S ADDED Viewed

@@ -0,0 +1,290 @@
+/*
+ * Copyright (c) The mlkem-native project authors
+ * Copyright (c) The mldsa-native project authors
+ * Copyright (c) 2026 Arm Limited
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+// ---------------------------------------------------------------------------
+// Overview
+// ---------------------------------------------------------------------------
+// MVE/Helium implementation of KeccakF1600x4_StateExtractBytes
+// (inverse of state_xor_bytes_x4_mve.S).
+//
+// void KeccakF1600x4_StateExtractBytes(state, d0, d1, d2, d3, offset, length)
+//
+// Reads 'length' bytes from the bit-interleaved Keccak state starting at
+// byte 'offset', recombines the even and odd halves of each lane back
+// into plain bytes, and writes them to four output buffers (d0..d3).
+//
+// ---------------------------------------------------------------------------
+// Bit-interleaving background
+// ---------------------------------------------------------------------------
+// Each 64-bit Keccak lane is stored as two 32-bit words:
+//   even half -- bits 0, 2, 4, ..., 62 of the lane
+//   odd half  -- bits 1, 3, 5, ..., 63 of the lane
+// This representation allows 64-bit lane rotations (used in the Keccak
+// round function) to be implemented as pairs of 32-bit rotations.
+//
+// Batched (x4) processing:
+//   Four Keccak instances are processed as a batch.  Their states are
+//   stored interleaved in a single 800-byte buffer: first the even
+//   halves of all 25 lanes (400 bytes), then the odd halves (400 bytes).
+//   Within each 16-byte row, the four u32 words correspond to
+//   instances 0..3 of the same lane, enabling SIMD-parallel operations
+//   across all four instances.
+//
+// State memory layout (25 lanes x 4 instances x 2 halves):
+//   S[i][l]_even/odd = even/odd half of lane l, instance i  (u32)
+//   Each row is 16 bytes (one Q-register).
+//   Offset  Contents
+//     0     S[0][ 0]_even, S[1][ 0]_even, S[2][ 0]_even, S[3][ 0]_even
+//    16     S[0][ 1]_even, S[1][ 1]_even, S[2][ 1]_even, S[3][ 1]_even
+//    ...
+//   384     S[0][24]_even, S[1][24]_even, S[2][24]_even, S[3][24]_even
+//   400     S[0][ 0]_odd,  S[1][ 0]_odd,  S[2][ 0]_odd,  S[3][ 0]_odd
+//   416     S[0][ 1]_odd,  S[1][ 1]_odd,  S[2][ 1]_odd,  S[3][ 1]_odd
+//    ...
+//   784     S[0][24]_odd,  S[1][24]_odd,  S[2][24]_odd,  S[3][24]_odd
+//
+// ---------------------------------------------------------------------------
+// Three-phase structure
+// ---------------------------------------------------------------------------
+//   Prologue -- if offset is not 8-byte aligned, extract
+//               min(length, 8-(offset%8)) bytes via predicated byte stores.
+//   Main     -- process full 8-byte groups: load even/odd lane pair,
+//               de-interleave, scatter-store to output buffers.
+//   Tail     -- extract remaining <8 bytes via predicated byte stores.
+#include "../../../../common.h"
+#if defined(MLK_FIPS202_ARMV81M_NEED_X4) && \
+    !defined(MLK_CONFIG_MULTILEVEL_NO_SHARED)
+/*
+ * WARNING: This file is auto-derived from the mlkem-native source file
+ *   dev/fips202/armv81m/src/state_extract_bytes_x4_mve.S using scripts/simpasm. Do not modify it directly.
+ */
+.thumb
+.syntax unified
+.text
+.balign 4
+.global MLK_ASM_NAMESPACE(keccak_f1600_x4_state_extract_bytes_asm)
+MLK_ASM_FN_SYMBOL(keccak_f1600_x4_state_extract_bytes_asm)
+        push.w {r4, r5, r6, r7, r8, r9, r10, r11, r12, lr}
+        vpush {d8, d9, d10, d11, d12, d13, d14, d15}
+        ldr r4, [sp, #0x68]
+        ldr.w r10, [sp, #0x6c]
+        ldr r6, [sp, #0x70]
+        cmp r6, #0x0
+        beq.w keccak_f1600_x4_state_extract_bytes_asm_exit @ imm = #0x2ea
+        and r5, r10, #0x7
+        bic r9, r10, #0x7
+        add.w r8, r0, r9, lsl #1
+        add.w r7, r8, #0x190
+        cmp r5, #0x0
+        beq.w keccak_f1600_x4_state_extract_bytes_asm_pre_main @ imm = #0x112
+        vldrw.u32 q0, [r8], #16
+        vldrw.u32 q1, [r7], #16
+        vrev32.16 q2, q0
+        vrev32.16 q3, q1
+        vsli.32 q0, q0, #0x8
+        vsli.16 q0, q0, #0x4
+        vsli.8 q0, q0, #0x1
+        vshr.u8 q4, q0, #0x3
+        vsli.8 q0, q4, #0x4
+        vshr.u8 q4, q0, #0x5
+        vsli.8 q0, q4, #0x6
+        vsli.32 q1, q1, #0x8
+        vsli.16 q1, q1, #0x4
+        vsli.8 q1, q1, #0x1
+        vshr.u8 q4, q1, #0x3
+        vsli.8 q1, q4, #0x4
+        vshr.u8 q4, q1, #0x5
+        vsli.8 q1, q4, #0x6
+        mov.w r0, #0x55
+        vdup.8 q4, r0
+        vand q0, q0, q4
+        vand q1, q1, q4
+        vshl.i32 q1, q1, #0x1
+        vorr q0, q0, q1
+        vsli.32 q2, q2, #0x8
+        vsli.16 q2, q2, #0x4
+        vsli.8 q2, q2, #0x1
+        vshr.u8 q1, q2, #0x3
+        vsli.8 q2, q1, #0x4
+        vshr.u8 q1, q2, #0x5
+        vsli.8 q2, q1, #0x6
+        vsli.32 q3, q3, #0x8
+        vsli.16 q3, q3, #0x4
+        vsli.8 q3, q3, #0x1
+        vshr.u8 q1, q3, #0x3
+        vsli.8 q3, q1, #0x4
+        vshr.u8 q1, q3, #0x5
+        vsli.8 q3, q1, #0x6
+        vand q1, q2, q4
+        vand q3, q3, q4
+        vshl.i32 q3, q3, #0x1
+        vorr q1, q1, q3
+        vrev64.32 q2, q0
+        vrev64.32 q3, q1
+        movw r0, #0xf0f
+        vmsr p0, r0
+        vpsel q0, q0, q3
+        vpsel q1, q2, q1
+        vmov.f64 d4, d1
+        vmov.f64 d6, d3
+        rsb.w lr, r5, #0x8
+        cmp r6, lr
+        it ls
+        movls lr, r6
+        vctp.8 lr
+        vmrs r11, p0
+        lsl.w r11, r11, r5
+        vmsr p0, r11
+        subs r1, r1, r5
+        subs r2, r2, r5
+        subs r3, r3, r5
+        subs r4, r4, r5
+        vpstttt
+        vstrbt.8 q0, [r1], #4
+        vstrbt.8 q1, [r2], #4
+        vstrbt.8 q2, [r3], #4
+        vstrbt.8 q3, [r4], #4
+        subs.w r6, r6, lr
+        cmp r6, #0x0
+        beq.w keccak_f1600_x4_state_extract_bytes_asm_exit @ imm = #0x1cc
+        vmov q7[2], q7[0], r1, r3
+        vmov q7[3], q7[1], r2, r4
+        b keccak_f1600_x4_state_extract_bytes_asm_main_body @ imm = #0xe
+keccak_f1600_x4_state_extract_bytes_asm_pre_main:
+        vmov q7[2], q7[0], r1, r3
+        vmov q7[3], q7[1], r2, r4
+        mov.w r12, #0x4
+        vsub.i32 q7, q7, r12
+keccak_f1600_x4_state_extract_bytes_asm_main_body:
+        lsr.w lr, r6, #0x3
+        wls lr, lr, keccak_f1600_x4_state_extract_bytes_asm_main_loop_end @ imm = #0xb4
+keccak_f1600_x4_state_extract_bytes_asm_main_loop_start:
+        vldrw.u32 q0, [r8], #16
+        vldrw.u32 q1, [r7], #16
+        vrev32.16 q2, q0
+        vrev32.16 q3, q1
+        vsli.32 q0, q0, #0x8
+        vsli.16 q0, q0, #0x4
+        vsli.8 q0, q0, #0x1
+        vshr.u8 q4, q0, #0x3
+        vsli.8 q0, q4, #0x4
+        vshr.u8 q4, q0, #0x5
+        vsli.8 q0, q4, #0x6
+        vsli.32 q1, q1, #0x8
+        vsli.16 q1, q1, #0x4
+        vsli.8 q1, q1, #0x1
+        vshr.u8 q4, q1, #0x3
+        vsli.8 q1, q4, #0x4
+        vshr.u8 q4, q1, #0x5
+        vsli.8 q1, q4, #0x6
+        mov.w r0, #0x55
+        vdup.8 q4, r0
+        vand q0, q0, q4
+        vand q1, q1, q4
+        vshl.i32 q1, q1, #0x1
+        vorr q0, q0, q1
+        vsli.32 q2, q2, #0x8
+        vsli.16 q2, q2, #0x4
+        vsli.8 q2, q2, #0x1
+        vshr.u8 q1, q2, #0x3
+        vsli.8 q2, q1, #0x4
+        vshr.u8 q1, q2, #0x5
+        vsli.8 q2, q1, #0x6
+        vsli.32 q3, q3, #0x8
+        vsli.16 q3, q3, #0x4
+        vsli.8 q3, q3, #0x1
+        vshr.u8 q1, q3, #0x3
+        vsli.8 q3, q1, #0x4
+        vshr.u8 q1, q3, #0x5
+        vsli.8 q3, q1, #0x6
+        vand q1, q2, q4
+        vand q3, q3, q4
+        vshl.i32 q3, q3, #0x1
+        vorr q1, q1, q3
+        vstrw.32 q0, [q7, #4]!
+        vstrw.32 q1, [q7, #4]!
+        le lr, keccak_f1600_x4_state_extract_bytes_asm_main_loop_start @ imm = #-0xb4
+keccak_f1600_x4_state_extract_bytes_asm_main_loop_end:
+        ands r6, r6, #0x7
+        beq keccak_f1600_x4_state_extract_bytes_asm_exit @ imm = #0xee
+        mov.w r12, #0x4
+        vadd.i32 q7, q7, r12
+        vmov r1, r3, q7[2], q7[0]
+        vmov r2, r4, q7[3], q7[1]
+        vldrw.u32 q0, [r8], #16
+        vldrw.u32 q1, [r7], #16
+        vrev32.16 q2, q0
+        vrev32.16 q3, q1
+        vsli.32 q0, q0, #0x8
+        vsli.16 q0, q0, #0x4
+        vsli.8 q0, q0, #0x1
+        vshr.u8 q4, q0, #0x3
+        vsli.8 q0, q4, #0x4
+        vshr.u8 q4, q0, #0x5
+        vsli.8 q0, q4, #0x6
+        vsli.32 q1, q1, #0x8
+        vsli.16 q1, q1, #0x4
+        vsli.8 q1, q1, #0x1
+        vshr.u8 q4, q1, #0x3
+        vsli.8 q1, q4, #0x4
+        vshr.u8 q4, q1, #0x5
+        vsli.8 q1, q4, #0x6
+        mov.w r0, #0x55
+        vdup.8 q4, r0
+        vand q0, q0, q4
+        vand q1, q1, q4
+        vshl.i32 q1, q1, #0x1
+        vorr q0, q0, q1
+        vsli.32 q2, q2, #0x8
+        vsli.16 q2, q2, #0x4
+        vsli.8 q2, q2, #0x1
+        vshr.u8 q1, q2, #0x3
+        vsli.8 q2, q1, #0x4
+        vshr.u8 q1, q2, #0x5
+        vsli.8 q2, q1, #0x6
+        vsli.32 q3, q3, #0x8
+        vsli.16 q3, q3, #0x4
+        vsli.8 q3, q3, #0x1
+        vshr.u8 q1, q3, #0x3
+        vsli.8 q3, q1, #0x4
+        vshr.u8 q1, q3, #0x5
+        vsli.8 q3, q1, #0x6
+        vand q1, q2, q4
+        vand q3, q3, q4
+        vshl.i32 q3, q3, #0x1
+        vorr q1, q1, q3
+        vrev64.32 q2, q0
+        vrev64.32 q3, q1
+        movw r0, #0xf0f
+        vmsr p0, r0
+        vpsel q0, q0, q3
+        vpsel q1, q2, q1
+        vmov.f64 d4, d1
+        vmov.f64 d6, d3
+        vctp.8 r6
+        vpstttt
+        vstrbt.8 q0, [r1], #4
+        vstrbt.8 q1, [r2], #4
+        vstrbt.8 q2, [r3], #4
+        vstrbt.8 q3, [r4], #4
+keccak_f1600_x4_state_extract_bytes_asm_exit:
+        vpop {d8, d9, d10, d11, d12, d13, d14, d15}
+        pop.w {r4, r5, r6, r7, r8, r9, r10, r11, r12, pc}
+MLK_ASM_FN_SIZE(keccak_f1600_x4_state_extract_bytes_asm)
+#endif /* MLK_FIPS202_ARMV81M_NEED_X4 && !MLK_CONFIG_MULTILEVEL_NO_SHARED */

data/ext/pqcrypto/vendor/mlkem-native/mlkem/src/fips202/native/armv81m/src/state_xor_bytes_x4_mve.S ADDED Viewed

@@ -0,0 +1,314 @@
+/*
+ * Copyright (c) The mlkem-native project authors
+ * Copyright (c) The mldsa-native project authors
+ * Copyright (c) 2026 Arm Limited
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+// ---------------------------------------------------------------------------
+// Overview
+// ---------------------------------------------------------------------------
+// MVE/Helium implementation of KeccakF1600x4_StateXORBytes.
+//
+// void KeccakF1600x4_StateXORBytes(state, d0, d1, d2, d3, offset, length)
+//
+// Reads 'length' plain bytes from each of four input buffers (d0..d3),
+// splits every byte into its even and odd bits (bit-interleaving), and
+// XORs the result into the Keccak state starting at byte 'offset'.
+//
+// ---------------------------------------------------------------------------
+// Bit-interleaving background
+// ---------------------------------------------------------------------------
+// Each 64-bit Keccak lane is stored as two 32-bit words:
+//   even half -- bits 0, 2, 4, ..., 62 of the lane
+//   odd half  -- bits 1, 3, 5, ..., 63 of the lane
+// This representation allows 64-bit lane rotations (used in the Keccak
+// round function) to be implemented as pairs of 32-bit rotations.
+//
+// Batched (x4) processing:
+//   Four Keccak instances are processed as a batch.  Their states are
+//   stored interleaved in a single 800-byte buffer: first the even
+//   halves of all 25 lanes (400 bytes), then the odd halves (400 bytes).
+//   Within each 16-byte row, the four u32 words correspond to
+//   instances 0..3 of the same lane, enabling SIMD-parallel operations
+//   across all four instances.
+//
+// State memory layout (25 lanes x 4 instances x 2 halves):
+//   S[i][l]_even/odd = even/odd half of lane l, instance i  (u32)
+//   Each row is 16 bytes (one Q-register).
+//   Offset  Contents
+//     0     S[0][ 0]_even, S[1][ 0]_even, S[2][ 0]_even, S[3][ 0]_even
+//    16     S[0][ 1]_even, S[1][ 1]_even, S[2][ 1]_even, S[3][ 1]_even
+//    ...
+//   384     S[0][24]_even, S[1][24]_even, S[2][24]_even, S[3][24]_even
+//   400     S[0][ 0]_odd,  S[1][ 0]_odd,  S[2][ 0]_odd,  S[3][ 0]_odd
+//   416     S[0][ 1]_odd,  S[1][ 1]_odd,  S[2][ 1]_odd,  S[3][ 1]_odd
+//    ...
+//   784     S[0][24]_odd,  S[1][24]_odd,  S[2][24]_odd,  S[3][24]_odd
+//
+// ---------------------------------------------------------------------------
+// Three-phase structure
+// ---------------------------------------------------------------------------
+//   Prologue -- if offset is not 8-byte aligned, absorb
+//               min(length, 8-(offset%8)) bytes via predicated byte loads.
+//   Main     -- process full 8-byte groups via word-level gather loads,
+//               bit-interleave, then VEOR into even/odd state halves.
+//   Tail     -- absorb remaining <8 bytes via predicated byte loads.
+#include "../../../../common.h"
+#if defined(MLK_FIPS202_ARMV81M_NEED_X4) && \
+    !defined(MLK_CONFIG_MULTILEVEL_NO_SHARED)
+/*
+ * WARNING: This file is auto-derived from the mlkem-native source file
+ *   dev/fips202/armv81m/src/state_xor_bytes_x4_mve.S using scripts/simpasm. Do not modify it directly.
+ */
+.thumb
+.syntax unified
+.text
+.balign 4
+.global MLK_ASM_NAMESPACE(keccak_f1600_x4_state_xor_bytes_asm)
+MLK_ASM_FN_SYMBOL(keccak_f1600_x4_state_xor_bytes_asm)
+        push.w {r4, r5, r6, r7, r8, r9, r10, r11, r12, lr}
+        vpush {d8, d9, d10, d11, d12, d13, d14, d15}
+        ldr r4, [sp, #0x68]
+        ldr.w r10, [sp, #0x6c]
+        ldr r6, [sp, #0x70]
+        cmp r6, #0x0
+        beq.w keccak_f1600_x4_state_xor_bytes_asm_exit @ imm = #0x34c
+        and r5, r10, #0x7
+        bic r9, r10, #0x7
+        add.w r8, r0, r9, lsl #1
+        add.w r7, r8, #0x190
+        cmp r5, #0x0
+        beq.w keccak_f1600_x4_state_xor_bytes_asm_pre_main @ imm = #0x132
+        subs r1, r1, r5
+        subs r2, r2, r5
+        subs r3, r3, r5
+        subs r4, r4, r5
+        rsb.w lr, r5, #0x8
+        cmp r6, lr
+        it ls
+        movls lr, r6
+        subs.w r6, r6, lr
+        vctp.8 lr
+        vmrs r11, p0
+        lsl.w r11, r11, r5
+        vmsr p0, r11
+        vpstttt
+        vldrbt.u8 q0, [r1], #4
+        vldrbt.u8 q1, [r2], #4
+        vldrbt.u8 q2, [r3], #4
+        vldrbt.u8 q3, [r4], #4
+        vmov.f64 d1, d4
+        vmov.f64 d3, d6
+        vrev64.32 q2, q0
+        vrev64.32 q3, q1
+        movw r0, #0xf0f
+        vmsr p0, r0
+        vpsel q0, q0, q3
+        vpsel q1, q2, q1
+        vmov q2, q0
+        vmov q3, q1
+        vshr.u8 q4, q0, #0x2
+        vsli.8 q0, q4, #0x1
+        vshr.u8 q4, q0, #0x3
+        vsli.8 q0, q4, #0x2
+        vshr.u8 q4, q0, #0x4
+        vsli.8 q0, q4, #0x3
+        vshr.u16 q4, q0, #0x8
+        vsli.8 q0, q4, #0x4
+        vshr.u32 q4, q0, #0x10
+        vsli.16 q0, q4, #0x8
+        vshr.u8 q4, q3, #0x2
+        vsli.8 q3, q4, #0x1
+        vshr.u8 q4, q3, #0x3
+        vsli.8 q3, q4, #0x2
+        vshr.u8 q4, q3, #0x4
+        vsli.8 q3, q4, #0x3
+        vshr.u16 q4, q3, #0x8
+        vsli.8 q3, q4, #0x4
+        vshr.u32 q4, q3, #0x10
+        vsli.16 q3, q4, #0x8
+        vsli.32 q0, q3, #0x10
+        vshl.i8 q4, q2, #0x2
+        vsri.8 q2, q4, #0x1
+        vshl.i8 q4, q2, #0x3
+        vsri.8 q2, q4, #0x2
+        vshl.i8 q4, q2, #0x4
+        vsri.8 q2, q4, #0x3
+        vshl.i16 q4, q2, #0x8
+        vsri.8 q2, q4, #0x4
+        vshl.i32 q4, q2, #0x10
+        vsri.16 q2, q4, #0x8
+        vshl.i8 q4, q1, #0x2
+        vsri.8 q1, q4, #0x1
+        vshl.i8 q4, q1, #0x3
+        vsri.8 q1, q4, #0x2
+        vshl.i8 q4, q1, #0x4
+        vsri.8 q1, q4, #0x3
+        vshl.i16 q4, q1, #0x8
+        vsri.8 q1, q4, #0x4
+        vshl.i32 q4, q1, #0x10
+        vsri.16 q1, q4, #0x8
+        vsri.32 q1, q2, #0x10
+        vldrw.u32 q4, [r8]
+        vldrw.u32 q5, [r7]
+        veor q4, q4, q0
+        veor q5, q5, q1
+        vstrw.32 q4, [r8], #16
+        vstrw.32 q5, [r7], #16
+        vmov q7[2], q7[0], r1, r3
+        vmov q7[3], q7[1], r2, r4
+        cmp r6, #0x0
+        beq.w keccak_f1600_x4_state_xor_bytes_asm_exit @ imm = #0x206
+        b keccak_f1600_x4_state_xor_bytes_asm_main_body @ imm = #0xe
+keccak_f1600_x4_state_xor_bytes_asm_pre_main:
+        vmov q7[2], q7[0], r1, r3
+        vmov q7[3], q7[1], r2, r4
+        mov.w r0, #0x4
+        vsub.i32 q7, q7, r0
+keccak_f1600_x4_state_xor_bytes_asm_main_body:
+        lsr.w lr, r6, #0x3
+        wls lr, lr, keccak_f1600_x4_state_xor_bytes_asm_main_loop_end @ imm = #0xd4
+keccak_f1600_x4_state_xor_bytes_asm_main_loop_start:
+        vldrw.u32 q0, [q7, #4]!
+        vldrw.u32 q1, [q7, #4]!
+        vmov q2, q0
+        vmov q3, q1
+        vshr.u8 q4, q0, #0x2
+        vsli.8 q0, q4, #0x1
+        vshr.u8 q4, q0, #0x3
+        vsli.8 q0, q4, #0x2
+        vshr.u8 q4, q0, #0x4
+        vsli.8 q0, q4, #0x3
+        vshr.u16 q4, q0, #0x8
+        vsli.8 q0, q4, #0x4
+        vshr.u32 q4, q0, #0x10
+        vsli.16 q0, q4, #0x8
+        vshr.u8 q4, q3, #0x2
+        vsli.8 q3, q4, #0x1
+        vshr.u8 q4, q3, #0x3
+        vsli.8 q3, q4, #0x2
+        vshr.u8 q4, q3, #0x4
+        vsli.8 q3, q4, #0x3
+        vshr.u16 q4, q3, #0x8
+        vsli.8 q3, q4, #0x4
+        vshr.u32 q4, q3, #0x10
+        vsli.16 q3, q4, #0x8
+        vsli.32 q0, q3, #0x10
+        vshl.i8 q4, q2, #0x2
+        vsri.8 q2, q4, #0x1
+        vshl.i8 q4, q2, #0x3
+        vsri.8 q2, q4, #0x2
+        vshl.i8 q4, q2, #0x4
+        vsri.8 q2, q4, #0x3
+        vshl.i16 q4, q2, #0x8
+        vsri.8 q2, q4, #0x4
+        vshl.i32 q4, q2, #0x10
+        vsri.16 q2, q4, #0x8
+        vshl.i8 q4, q1, #0x2
+        vsri.8 q1, q4, #0x1
+        vshl.i8 q4, q1, #0x3
+        vsri.8 q1, q4, #0x2
+        vshl.i8 q4, q1, #0x4
+        vsri.8 q1, q4, #0x3
+        vshl.i16 q4, q1, #0x8
+        vsri.8 q1, q4, #0x4
+        vshl.i32 q4, q1, #0x10
+        vsri.16 q1, q4, #0x8
+        vsri.32 q1, q2, #0x10
+        vldrw.u32 q4, [r8]
+        vldrw.u32 q5, [r7]
+        veor q4, q4, q0
+        veor q5, q5, q1
+        vstrw.32 q4, [r8], #16
+        vstrw.32 q5, [r7], #16
+        le lr, keccak_f1600_x4_state_xor_bytes_asm_main_loop_start @ imm = #-0xd4
+keccak_f1600_x4_state_xor_bytes_asm_main_loop_end:
+        ands r6, r6, #0x7
+        beq.w keccak_f1600_x4_state_xor_bytes_asm_exit @ imm = #0x110
+        mov.w r0, #0x4
+        vadd.i32 q7, q7, r0
+        vmov r1, r3, q7[2], q7[0]
+        vmov r2, r4, q7[3], q7[1]
+        vctp.8 r6
+        vpstttt
+        vldrbt.u8 q0, [r1]
+        vldrbt.u8 q1, [r2]
+        vldrbt.u8 q2, [r3]
+        vldrbt.u8 q3, [r4]
+        vmov.f64 d1, d4
+        vmov.f64 d3, d6
+        vrev64.32 q2, q0
+        vrev64.32 q3, q1
+        movw r0, #0xf0f
+        vmsr p0, r0
+        vpsel q0, q0, q3
+        vpsel q1, q2, q1
+        vmov q2, q0
+        vmov q3, q1
+        vshr.u8 q4, q0, #0x2
+        vsli.8 q0, q4, #0x1
+        vshr.u8 q4, q0, #0x3
+        vsli.8 q0, q4, #0x2
+        vshr.u8 q4, q0, #0x4
+        vsli.8 q0, q4, #0x3
+        vshr.u16 q4, q0, #0x8
+        vsli.8 q0, q4, #0x4
+        vshr.u32 q4, q0, #0x10
+        vsli.16 q0, q4, #0x8
+        vshr.u8 q4, q3, #0x2
+        vsli.8 q3, q4, #0x1
+        vshr.u8 q4, q3, #0x3
+        vsli.8 q3, q4, #0x2
+        vshr.u8 q4, q3, #0x4
+        vsli.8 q3, q4, #0x3
+        vshr.u16 q4, q3, #0x8
+        vsli.8 q3, q4, #0x4
+        vshr.u32 q4, q3, #0x10
+        vsli.16 q3, q4, #0x8
+        vsli.32 q0, q3, #0x10
+        vshl.i8 q4, q2, #0x2
+        vsri.8 q2, q4, #0x1
+        vshl.i8 q4, q2, #0x3
+        vsri.8 q2, q4, #0x2
+        vshl.i8 q4, q2, #0x4
+        vsri.8 q2, q4, #0x3
+        vshl.i16 q4, q2, #0x8
+        vsri.8 q2, q4, #0x4
+        vshl.i32 q4, q2, #0x10
+        vsri.16 q2, q4, #0x8
+        vshl.i8 q4, q1, #0x2
+        vsri.8 q1, q4, #0x1
+        vshl.i8 q4, q1, #0x3
+        vsri.8 q1, q4, #0x2
+        vshl.i8 q4, q1, #0x4
+        vsri.8 q1, q4, #0x3
+        vshl.i16 q4, q1, #0x8
+        vsri.8 q1, q4, #0x4
+        vshl.i32 q4, q1, #0x10
+        vsri.16 q1, q4, #0x8
+        vsri.32 q1, q2, #0x10
+        vldrw.u32 q4, [r8]
+        vldrw.u32 q5, [r7]
+        veor q4, q4, q0
+        veor q5, q5, q1
+        vstrw.32 q4, [r8], #16
+        vstrw.32 q5, [r7], #16
+keccak_f1600_x4_state_xor_bytes_asm_exit:
+        vpop {d8, d9, d10, d11, d12, d13, d14, d15}
+        pop.w {r4, r5, r6, r7, r8, r9, r10, r11, r12, pc}
+        nop
+MLK_ASM_FN_SIZE(keccak_f1600_x4_state_xor_bytes_asm)
+#endif /* MLK_FIPS202_ARMV81M_NEED_X4 && !MLK_CONFIG_MULTILEVEL_NO_SHARED */

data/ext/pqcrypto/vendor/mlkem-native/mlkem/src/fips202/native/auto.h ADDED Viewed

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) The mlkem-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+#ifndef MLK_FIPS202_NATIVE_AUTO_H
+#define MLK_FIPS202_NATIVE_AUTO_H
+/*
+ * Default FIPS202 backend
+ */
+#include "../../sys.h"
+#if defined(MLK_SYS_AARCH64)
+#include "aarch64/auto.h"
+#endif
+#if defined(MLK_SYS_X86_64) && defined(MLK_SYS_X86_64_AVX2)
+#include "x86_64/keccak_f1600_x4_avx2.h"
+#endif
+/* We do not yet include the FIPS202 backend for Armv8.1-M+MVE by default
+ * as it is still experimental and undergoing review. */
+/* #if defined(MLK_SYS_ARMV81M_MVE) */
+/* #include "armv81m/mve.h" */
+/* #endif */
+#endif /* !MLK_FIPS202_NATIVE_AUTO_H */