aes: implement VAES AVX and AVX512 backends (#482)

Author: silvanshade

.github/workflows/aes.yml

@@ -16,6 +16,7 @@ defaults:
 env:
   CARGO_INCREMENTAL: 0
   RUSTFLAGS: "-Dwarnings"
+  SDE_FULL_VERSION: "9.53.0-2025-03-16"
 
 jobs:
   # Builds for no_std platforms
@@ -68,7 +69,7 @@ jobs:
     env:
       CARGO_INCREMENTAL: 0
       RUSTDOCFLAGS: "-C target-feature=+aes,+ssse3"
-      RUSTFLAGS: "-Dwarnings -C target-feature=+aes,+ssse3"
+      RUSTFLAGS: "-Dwarnings -C target-feature=+aes,+ssse3 --cfg aes_avx512_disable --cfg aes_avx256_disable"
     strategy:
       matrix:
         include:
@@ -97,6 +98,80 @@ jobs:
       - run: cargo test --target ${{ matrix.target }} --features hazmat
       - run: cargo test --target ${{ matrix.target }} --all-features
 
+  # Tests for the VAES AVX backend
+  vaes256:
+    runs-on: ubuntu-latest
+    env:
+      CARGO_INCREMENTAL: 0
+      RUSTFLAGS: "-Dwarnings --cfg aes_avx512_disable"
+    strategy:
+      matrix:
+        include:
+          - target: x86_64-unknown-linux-gnu
+            rust: nightly-2025-05-28
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Intel SDE
+        run: |
+          curl -JLO "https://downloadmirror.intel.com/850782/sde-external-${{ env.SDE_FULL_VERSION }}-lin.tar.xz"
+          tar xvf sde-external-${{ env.SDE_FULL_VERSION }}-lin.tar.xz -C /opt
+          echo "/opt/sde-external-${{ env.SDE_FULL_VERSION }}-lin" >> $GITHUB_PATH
+      - uses: RustCrypto/actions/cargo-cache@master
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      # NOTE: Write a `.cargo/config.toml` to configure the target for VAES
+      # NOTE: We use intel-sde as the runner since not all GitHub CI hosts support AVX512
+      - name: write .cargo/config.toml
+        shell: bash
+        run: |
+          cd ../aes/..
+          mkdir -p .cargo
+          echo '[target.${{ matrix.target }}]'  > .cargo/config.toml
+          echo 'runner = "sde64 -future --"'   >> .cargo/config.toml
+      - run: ${{ matrix.deps }}
+      - run: cargo test --target ${{ matrix.target }}
+      - run: cargo test --target ${{ matrix.target }} --features hazmat
+      - run: cargo test --target ${{ matrix.target }} --all-features
+
+  # Tests for the VAES AVX512 backend
+  vaes512:
+    runs-on: ubuntu-latest
+    env:
+      CARGO_INCREMENTAL: 0
+    strategy:
+      matrix:
+        include:
+          - target: x86_64-unknown-linux-gnu
+            rust: nightly-2025-05-28
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Intel SDE
+        run: |
+          curl -JLO "https://downloadmirror.intel.com/850782/sde-external-${{ env.SDE_FULL_VERSION }}-lin.tar.xz"
+          tar xvf sde-external-${{ env.SDE_FULL_VERSION }}-lin.tar.xz -C /opt
+          echo "/opt/sde-external-${{ env.SDE_FULL_VERSION }}-lin" >> $GITHUB_PATH
+      - uses: RustCrypto/actions/cargo-cache@master
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      # NOTE: Write a `.cargo/config.toml` to configure the target for VAES
+      # NOTE: We use intel-sde as the runner since not all GitHub CI hosts support AVX512
+      - name: write .cargo/config.toml
+        shell: bash
+        run: |
+          cd ../aes/..
+          mkdir -p .cargo
+          echo '[target.${{ matrix.target }}]'  > .cargo/config.toml
+          echo 'runner = "sde64 -future --"'   >> .cargo/config.toml
+      - run: ${{ matrix.deps }}
+      - run: cargo test --target ${{ matrix.target }}
+      - run: cargo test --target ${{ matrix.target }} --features hazmat
+      - run: cargo test --target ${{ matrix.target }} --all-features
+
+
   # Tests for CPU feature autodetection with fallback to portable software implementation
   autodetect:
     runs-on: ubuntu-latest

Cargo.lock

@@ -31,7 +31,7 @@ hazmat = [] # Expose cryptographically hazardous APIs
 
 [lints.rust.unexpected_cfgs]
 level = "warn"
-check-cfg = ["cfg(aes_compact)", "cfg(aes_force_soft)"]
+check-cfg = ["cfg(aes_compact)", "cfg(aes_force_soft)", "cfg(aes_avx256_disable)", "cfg(aes_avx512_disable)"]
 
 [package.metadata.docs.rs]
 all-features = true

aes/Cargo.toml

@@ -25,6 +25,13 @@ use cipher::{
 };
 use core::fmt;
 
+pub(crate) mod features {
+    cpufeatures::new!(features_aes, "aes");
+    pub(crate) mod aes {
+        pub use super::features_aes::*;
+    }
+}
+
 impl_backends!(
     enc_name = Aes128BackEnc,
     dec_name = Aes128BackDec,
@@ -86,18 +93,6 @@ macro_rules! define_aes_impl {
             decrypt: $name_back_dec,
         }
 
-        impl $name {
-            #[inline(always)]
-            pub(crate) fn get_enc_backend(&self) -> &$name_back_enc {
-                &self.encrypt
-            }
-
-            #[inline(always)]
-            pub(crate) fn get_dec_backend(&self) -> &$name_back_dec {
-                &self.decrypt
-            }
-        }
-
         impl KeySizeUser for $name {
             type KeySize = $key_size;
         }
@@ -182,13 +177,6 @@ macro_rules! define_aes_impl {
             backend: $name_back_enc,
         }
 
-        impl $name_enc {
-            #[inline(always)]
-            pub(crate) fn get_enc_backend(&self) -> &$name_back_enc {
-                &self.backend
-            }
-        }
-
         impl KeySizeUser for $name_enc {
             type KeySize = $key_size;
         }
@@ -248,13 +236,6 @@ macro_rules! define_aes_impl {
             backend: $name_back_dec,
         }
 
-        impl $name_dec {
-            #[inline(always)]
-            pub(crate) fn get_dec_backend(&self) -> &$name_back_dec {
-                &self.backend
-            }
-        }
-
         impl KeySizeUser for $name_dec {
             type KeySize = $key_size;
         }