Improve SSE4.1/AES-NI support

README.md

@@ -150,6 +150,10 @@ If you have `libtommath` in a non-standard location:
 
     make CFLAGS="-DUSE_LTM -DLTM_DESC -I/opt/devel/ltm" EXTRALIBS="/opt/devel/ltm/libtommath.a" all
 
+You want to enable AES-NI support, but compile the rest of the library without the requirement for SSE4.1:
+
+    make CFLAGS=-DLTC_AES_NI CFLAGS_AES_NI="-maes -msse4.1"
+
 ## Installation
 
 There exist several _install_ make-targets which are described in the table above.

makefile

@@ -56,6 +56,13 @@ ifneq ($V,1)
 endif
 	${silent} ${CC} ${LTC_CFLAGS} -DENCRYPT_ONLY -c $< -o $@
 
+#AES-NI support requires special compiler flags
+src/ciphers/aes/aesni.o: src/ciphers/aes/aesni.c
+ifneq ($V,1)
+	@echo "   * ${CC} $@" ${silent_echo}
+endif
+	${silent} ${CC} ${LTC_CFLAGS} ${CFLAGS_AES_NI} -c $< -o $@
+
 .c.o:
 ifneq ($V,1)
 	@echo "   * ${CC} $@" ${silent_echo}

makefile.mingw

@@ -250,6 +250,10 @@ src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
 src/ciphers/aes/aes_enc_desc.o: src/ciphers/aes/aes.c
 	$(CC) $(LTC_CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes_desc.c -o src/ciphers/aes/aes_enc_desc.o
 
+#SPECIAL: AES-NI support requires special compiler flags
+src/ciphers/aes/aesni.o: src/ciphers/aes/aesni.c
+	$(CC) $(LTC_CFLAGS) $(CFLAGS_AES_NI) -c src/ciphers/aes/aesni.c -o src/ciphers/aes/aesni.o
+
 #SPECIAL: these are the rules to make certain object files
 src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
 src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c

makefile.msvc

@@ -243,6 +243,10 @@ src/ciphers/aes/aes_enc.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
 src/ciphers/aes/aes_enc_desc.obj: src/ciphers/aes/aes_desc.c
 	$(CC) $(LTC_CFLAGS) /DENCRYPT_ONLY /c src/ciphers/aes/aes_desc.c /Fosrc/ciphers/aes/aes_enc_desc.obj
 
+#SPECIAL: AES-NI support requires special compiler flags
+src/ciphers/aes/aesni.obj: src/ciphers/aes/aesni.c
+	$(CC) $(LTC_CFLAGS) $(CFLAGS_AES_NI) /c src/ciphers/aes/aesni.c /Fosrc/ciphers/aes/aesni.obj
+
 #SPECIAL: these are the rules to make certain object files
 src/ciphers/aes/aes.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
 src/ciphers/twofish/twofish.obj: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c

makefile.shared

@@ -73,6 +73,10 @@ src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
 src/ciphers/aes/aes_enc_desc.o: src/ciphers/aes/aes_desc.c
 	$(LTCOMPILE) $(LTC_CFLAGS) $(CPPFLAGS) $(LTC_LDFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes_desc.c -o src/ciphers/aes/aes_enc_desc.o
 
+#AES-NI support requires special compiler flags
+src/ciphers/aes/aesni.o: src/ciphers/aes/aesni.c
+	$(LTCOMPILE) $(LTC_CFLAGS) $(CFLAGS_AES_NI) $(CPPFLAGS) $(LTC_LDFLAGS) -c src/ciphers/aes/aesni.c -o src/ciphers/aes/aesni.o
+
 .c.o:
 	$(LTCOMPILE) $(LTC_CFLAGS) $(CPPFLAGS) $(LTC_LDFLAGS) -o $@ -c $<
 

makefile.unix

@@ -264,6 +264,10 @@ src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
 src/ciphers/aes/aes_enc_desc.o: src/ciphers/aes/aes_desc.c
 	$(CC) $(LTC_CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes_desc.c -o src/ciphers/aes/aes_enc_desc.o
 
+#SPECIAL: AES-NI support requires special compiler flags
+src/ciphers/aes/aesni.o: src/ciphers/aes/aesni.c
+	$(CC) $(LTC_CFLAGS) $(CFLAGS_AES_NI) -c src/ciphers/aes/aesni.c -o src/ciphers/aes/aesni.o
+
 #SPECIAL: these are the rules to make certain object files
 src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
 src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c

src/ciphers/aes/aes_desc.c

@@ -49,15 +49,15 @@ const struct ltc_cipher_descriptor aes_enc_desc =
 #endif
 
 /* Code partially borrowed from https://software.intel.com/content/www/us/en/develop/articles/intel-sha-extensions.html */
-#if defined(LTC_HAS_AES_NI)
+#if defined(LTC_AES_NI)
 static LTC_INLINE int s_aesni_is_supported(void)
 {
    static int initialized = 0, is_supported = 0;
 
    if (initialized == 0) {
       int a, b, c, d;
 
-      /* Look for CPUID.1.0.ECX[25]
+      /* Look for CPUID.1.0.ECX[19] (SSE4.1) and CPUID.1.0.ECX[25] (AES-NI)
        * EAX = 1, ECX = 0
        */
       a = 1;
@@ -68,7 +68,7 @@ static LTC_INLINE int s_aesni_is_supported(void)
            :"a"(a), "c"(c)
           );
 
-      is_supported = ((c >> 25) & 1);
+      is_supported = ((c >> 19) & 1) && ((c >> 25) & 1);
       initialized = 1;
    }
 
@@ -93,7 +93,7 @@ int aesni_is_supported(void)
  */
 int AES_SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
-#ifdef LTC_HAS_AES_NI
+#ifdef LTC_AES_NI
    if (s_aesni_is_supported()) {
       return aesni_setup(key, keylen, num_rounds, skey);
    }
@@ -111,7 +111,7 @@ int AES_SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
 */
 int AES_ENC(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey)
 {
-#ifdef LTC_HAS_AES_NI
+#ifdef LTC_AES_NI
    if (s_aesni_is_supported()) {
       return aesni_ecb_encrypt(pt, ct, skey);
    }
@@ -130,7 +130,7 @@ int AES_ENC(const unsigned char *pt, unsigned char *ct, const symmetric_key *ske
 */
 int AES_DEC(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey)
 {
-#ifdef LTC_HAS_AES_NI
+#ifdef LTC_AES_NI
    if (s_aesni_is_supported()) {
       return aesni_ecb_decrypt(ct, pt, skey);
    }

src/ciphers/aes/aesni.c

@@ -9,7 +9,7 @@
 
 #include "tomcrypt_private.h"
 
-#if defined(LTC_HAS_AES_NI)
+#if defined(LTC_AES_NI)
 
 const struct ltc_cipher_descriptor aesni_desc =
 {

src/headers/tomcrypt_cfg.h

@@ -91,11 +91,6 @@ LTC_EXPORT int   LTC_CALL XSTRCMP(const char *s1, const char *s2);
    #define ENDIAN_LITTLE
    #define ENDIAN_64BITWORD
    #define LTC_FAST
-   #if defined(__SSE4_1__)
-      #if __SSE4_1__ == 1
-         #define LTC_AMD64_SSE4_1
-      #endif
-   #endif
 #endif
 
 /* detect PPC32 */

src/headers/tomcrypt_cipher.h

@@ -719,7 +719,7 @@ extern const struct ltc_cipher_descriptor rijndael_desc;
 extern const struct ltc_cipher_descriptor rijndael_enc_desc;
 #endif
 
-#if defined(LTC_AES_NI) && defined(LTC_AMD64_SSE4_1)
+#if defined(LTC_AES_NI)
 int aesni_is_supported(void);
 int aesni_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
 int aesni_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey);

src/headers/tomcrypt_custom.h

@@ -179,9 +179,6 @@
 #define LTC_RC6
 #define LTC_SAFERP
 #define LTC_RIJNDAEL
-#ifndef LTC_NO_AES_NI
-   #define LTC_AES_NI
-#endif
 #define LTC_XTEA
 /* _TABLES tells it to use tables during setup, _SMALL means to use the smaller scheduled key format
  * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */

src/headers/tomcrypt_private.h

@@ -98,10 +98,6 @@ typedef struct
 
 /* tomcrypt_cipher.h */
 
-#if defined(LTC_AES_NI) && defined(LTC_AMD64_SSE4_1)
-#define LTC_HAS_AES_NI
-#endif
-
 void blowfish_enc(ulong32 *data, unsigned long blocks, const symmetric_key *skey);
 int blowfish_expand(const unsigned char *key, int keylen,
                     const unsigned char *data, int datalen,

src/misc/crypt/crypt.c

@@ -422,7 +422,7 @@ const char *crypt_build_settings =
 #if defined(LTC_ADLER32)
     " ADLER32 "
 #endif
-#if defined(LTC_AES_NI) && defined(LTC_AMD64_SSE4_1)
+#if defined(LTC_AES_NI)
     " AES-NI "
 #endif
 #if defined(LTC_BASE64)

tests/cipher_hash_test.c

@@ -14,7 +14,7 @@ int cipher_hash_test(void)
    }
 
    /* explicit AES-NI test */
-#if defined(LTC_HAS_AES_NI)
+#if defined(LTC_AES_NI)
    if (aesni_is_supported()) {
       DO(aesni_test());
    }