ghash: add pmull support on aarch64

1 files changed, 19 insertions, 1 deletions

diff --git a/lib/std/crypto/ghash.zig b/lib/std/crypto/ghash.zig
index 04bc6a8275..83446f280b 100644
--- a/lib/std/crypto/ghash.zig
+++ b/lib/std/crypto/ghash.zig
@@ -105,6 +105,17 @@ pub const Ghash = struct {
         return product[0];
     }
 
+    inline fn clmul_pmull(x: u64, y: u64) u64 {
+        const Vector = std.meta.Vector;
+        const product = asm (
+            \\ pmull %[out].1q, %[x].1d, %[y].1d
+            : [out] "=w" (-> Vector(2, u64))
+            : [x] "w" (@bitCast(Vector(2, u64), @as(u128, x))),
+              [y] "w" (@bitCast(Vector(2, u64), @as(u128, y)))
+        );
+        return product[0];
+    }
+
     fn clmul_soft(x: u64, y: u64) u64 {
         const x0 = x & 0x1111111111111111;
         const x1 = x & 0x2222222222222222;
@@ -127,7 +138,14 @@ pub const Ghash = struct {
 
     const has_pclmul = comptime std.Target.x86.featureSetHas(std.Target.current.cpu.features, .pclmul);
     const has_avx = comptime std.Target.x86.featureSetHas(std.Target.current.cpu.features, .avx);
-    const clmul = if (std.Target.current.cpu.arch == .x86_64 and has_pclmul and has_avx) clmul_pclmul else clmul_soft;
+    const has_armaes = comptime std.Target.aarch64.featureSetHas(std.Target.current.cpu.features, .aes);
+    const clmul = if (std.Target.current.cpu.arch == .x86_64 and has_pclmul and has_avx) impl: {
+        break :impl clmul_pclmul;
+    } else if (std.Target.current.cpu.arch == .aarch64 and has_armaes) impl: {
+        break :impl clmul_pmull;
+    } else impl: {
+        break :impl clmul_soft;
+    };
 
     fn blocks(st: *Ghash, msg: []const u8) void {
         assert(msg.len % 16 == 0); // GHASH blocks() expects full blocks