jmwample
diff --git a/‎curve25519-dalek/CHANGELOG.md
Lines changed: 4 additions & 0 deletions b/‎curve25519-dalek/CHANGELOG.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎curve25519-dalek/Cargo.toml
Lines changed: 2 additions & 2 deletions b/‎curve25519-dalek/Cargo.toml
Lines changed: 2 additions & 2 deletions
diff --git a/‎curve25519-dalek/README.md
Lines changed: 10 additions & 9 deletions b/‎curve25519-dalek/README.md
Lines changed: 10 additions & 9 deletions
diff --git a/‎curve25519-dalek/build.rs
Lines changed: 41 additions & 19 deletions b/‎curve25519-dalek/build.rs
Lines changed: 41 additions & 19 deletions
diff --git a/‎curve25519-dalek/src/backend/mod.rs
Lines changed: 36 additions & 10 deletions b/‎curve25519-dalek/src/backend/mod.rs
Lines changed: 36 additions & 10 deletions
diff --git a/‎curve25519-dalek/src/backend/serial/fiat_u32/field.rs
Lines changed: 0 additions & 1 deletion b/‎curve25519-dalek/src/backend/serial/fiat_u32/field.rs
Lines changed: 0 additions & 1 deletion
diff --git a/‎curve25519-dalek/src/backend/serial/scalar_mul/precomputed_straus.rs
Lines changed: 10 additions & 2 deletions b/‎curve25519-dalek/src/backend/serial/scalar_mul/precomputed_straus.rs
Lines changed: 10 additions & 2 deletions
diff --git a/‎curve25519-dalek/src/backend/serial/u64/field.rs
Lines changed: 1 addition & 0 deletions b/‎curve25519-dalek/src/backend/serial/u64/field.rs
Lines changed: 1 addition & 0 deletions
diff --git a/‎curve25519-dalek/src/backend/vector/avx2/edwards.rs
Lines changed: 1 addition & 1 deletion b/‎curve25519-dalek/src/backend/vector/avx2/edwards.rs
Lines changed: 1 addition & 1 deletion
diff --git a/‎curve25519-dalek/src/backend/vector/mod.rs
Lines changed: 1 addition & 1 deletion b/‎curve25519-dalek/src/backend/vector/mod.rs
Lines changed: 1 addition & 1 deletion
@@ -3,6 +3,10 @@
 Entries are listed in reverse chronological order per undeprecated
 major series.
 
+## Unreleased
+
+* Move AVX-512 backend selection logic to a separate CFG flag that requires nightly
+
 ## 4.x series
 
 ### 4.1.3
 
@@ -54,7 +54,7 @@ ff = { version = "0.13", default-features = false, optional = true }
 group = { version = "0.13", default-features = false, optional = true }
 rand_core = { version = "0.6.4", default-features = false, optional = true }
 digest = { version = "0.10", default-features = false, optional = true }
-subtle = { version = "2.6.0", default-features = false }
+subtle = { version = "2.6.0", default-features = false, features = ["const-generics"]}
 serde = { version = "1.0", default-features = false, optional = true, features = ["derive"] }
 zeroize = { version = "1", default-features = false, optional = true }
 
@@ -81,7 +81,7 @@ curve25519-dalek-derive = { version = "0.1", path = "../curve25519-dalek-derive"
 level = "warn"
 check-cfg = [
     'cfg(allow_unused_unsafe)',
-    'cfg(curve25519_dalek_backend, values("fiat", "serial", "simd"))',
+    'cfg(curve25519_dalek_backend, values("fiat", "serial", "simd", "unstable_avx512"))',
     'cfg(curve25519_dalek_diagnostics, values("build"))',
     'cfg(curve25519_dalek_bits, values("32", "64"))',
     'cfg(nightly)',
 
@@ -91,11 +91,12 @@ This release also does a lot of dependency updates and relaxations to unblock up
 
 Curve arithmetic is implemented and used by one of the following backends:
 
-| Backend  | Selection | Implementation                                                | Bits / Word sizes |
-| :---     | :---      | :---                                                          | :---              |
-| `serial` | Automatic | An optimized, non-parllel implementation                      | `32` and `64`     |
-| `fiat`   | Manual    | Formally verified field arithmetic from [fiat-crypto]         | `32` and `64`     |
-| `simd`   | Automatic | Intel AVX2 / AVX512 IFMA accelerated backend                  | `64` only         |
+| Backend           | Selection | Implementation                                           | Bits / Word sizes |
+| :---              | :---      | :---                                                     | :---              |
+| `serial`          | Automatic | An optimized, non-parllel implementation                 | `32` and `64`     |
+| `fiat`            | Manual    | Formally verified field arithmetic from [fiat-crypto]    | `32` and `64`     |
+| `simd`            | Automatic | Intel AVX2 accelerated backend                           | `64` only         |
+| `unstable_avx512` | Manual    | Intel AVX512 IFMA accelerated backend (requires nightly) | `64` only         |
 
 At runtime, `curve25519-dalek` selects an arithmetic backend from the set of backends it was compiled to support. For Intel x86-64 targets, unless otherwise specified, it will build itself with `simd` support, and default to `serial` at runtime if the appropriate CPU features aren't detected. See [SIMD backend] for more details.
 
@@ -149,16 +150,16 @@ $ cargo build --target i686-unknown-linux-gnu
 
 ## SIMD backend
 
-The specific SIMD backend (AVX512 / AVX2 / `serial` default) is selected automatically at runtime, depending on the currently available CPU features, and whether Rust nightly is being used for compilation. The precise conditions are specified below.
+When the `simd` backend is selected, the AVX2 or `serial` implementation is selected automatically at runtime, depending on the currently available CPU features. Similarly, when the `unstable_avx512` backend is selected, the AVX512 implementation is selected automatically at runtime if available, or else selection falls through to the aforementioned `simd` backend logic.
 
 For a given CPU feature, you can also specify an appropriate `-C target_feature` to build a binary which assumes the required SIMD instructions are always available. Don't do this if you don't have a good reason.
 
 | Backend | `RUSTFLAGS`                               | Requires nightly? |
 | :---    | :---                                      | :---              |
-| avx2    | `-C target_feature=+avx2`                 | no                |
-| avx512  | `-C target_feature=+avx512ifma,+avx512vl` | yes               |
+| AVX2    | `-C target_feature=+avx2`                 | no                |
+| AVX512  | `-C target_feature=+avx512ifma,+avx512vl` | yes               |
 
-If compiled on a non-nightly compiler, `curve25519-dalek` will not include AVX512 code, and therefore will never select it at runtime.
+To reiterate, the `simd` backend will NOT use AVX512 code under any circumstance. The only way to enable AVX512 currently is to select the `unstable_avx512` backend and use a nightly compiler.
 
 # Documentation
 
 
@@ -35,13 +35,16 @@ fn main() {
 
     println!("cargo:rustc-cfg=curve25519_dalek_bits=\"{curve25519_dalek_bits}\"");
 
-    if rustc_version::version_meta()
+    let nightly = if rustc_version::version_meta()
         .expect("failed to detect rustc version")
         .channel
         == rustc_version::Channel::Nightly
     {
         println!("cargo:rustc-cfg=nightly");
-    }
+        true
+    } else {
+        false
+    };
 
     let rustc_version = rustc_version::version().expect("failed to detect rustc version");
     if rustc_version.major == 1 && rustc_version.minor <= 64 {
@@ -51,25 +54,44 @@ fn main() {
     }
 
     // Backend overrides / defaults
-    let curve25519_dalek_backend =
-        match std::env::var("CARGO_CFG_CURVE25519_DALEK_BACKEND").as_deref() {
-            Ok("fiat") => "fiat",
-            Ok("serial") => "serial",
-            Ok("simd") => {
-                // simd can only be enabled on x86_64 & 64bit target_pointer_width
-                match is_capable_simd(&target_arch, curve25519_dalek_bits) {
-                    true => "simd",
-                    // If override is not possible this must result to compile error
-                    // See: issues/532
-                    false => panic!("Could not override curve25519_dalek_backend to simd"),
+    let curve25519_dalek_backend = match std::env::var("CARGO_CFG_CURVE25519_DALEK_BACKEND")
+        .as_deref()
+    {
+        Ok("fiat") => "fiat",
+        Ok("serial") => "serial",
+        Ok("simd") => {
+            // simd can only be enabled on x86_64 & 64bit target_pointer_width
+            match is_capable_simd(&target_arch, curve25519_dalek_bits) {
+                true => "simd",
+                // If override is not possible this must result to compile error
+                // See: issues/532
+                false => panic!("Could not override curve25519_dalek_backend to simd"),
+            }
+        }
+        Ok("unstable_avx512") if nightly => {
+            // simd can only be enabled on x86_64 & 64bit target_pointer_width
+            match is_capable_simd(&target_arch, curve25519_dalek_bits) {
+                true => {
+                    // In addition enable Avx2 fallback through simd stable backend
+                    // NOTE: Compiler permits duplicate / multi value on the same key
+                    println!("cargo:rustc-cfg=curve25519_dalek_backend=\"simd\"");
+
+                    "unstable_avx512"
                 }
+                // If override is not possible this must result to compile error
+                // See: issues/532
+                false => panic!("Could not override curve25519_dalek_backend to unstable_avx512"),
             }
-            // default between serial / simd (if potentially capable)
-            _ => match is_capable_simd(&target_arch, curve25519_dalek_bits) {
-                true => "simd",
-                false => "serial",
-            },
-        };
+        }
+        Ok("unstable_avx512") if !nightly => {
+            panic!("Could not override curve25519_dalek_backend to unstable_avx512, as this is nigthly only");
+        }
+        // default between serial / simd (if potentially capable)
+        _ => match is_capable_simd(&target_arch, curve25519_dalek_bits) {
+            true => "simd",
+            false => "serial",
+        },
+    };
     println!("cargo:rustc-cfg=curve25519_dalek_backend=\"{curve25519_dalek_backend}\"");
 }
 
 
@@ -46,14 +46,14 @@ pub mod vector;
 enum BackendKind {
     #[cfg(curve25519_dalek_backend = "simd")]
     Avx2,
-    #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+    #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
     Avx512,
     Serial,
 }
 
 #[inline]
 fn get_selected_backend() -> BackendKind {
-    #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+    #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
     {
         cpufeatures::new!(cpuid_avx512, "avx512ifma", "avx512vl");
         let token_avx512: cpuid_avx512::InitToken = cpuid_avx512::init();
@@ -88,7 +88,7 @@ where
         #[cfg(curve25519_dalek_backend = "simd")]
         BackendKind::Avx2 =>
             vector::scalar_mul::pippenger::spec_avx2::Pippenger::optional_multiscalar_mul::<I, J>(scalars, points),
-        #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+        #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
         BackendKind::Avx512 =>
             vector::scalar_mul::pippenger::spec_avx512ifma_avx512vl::Pippenger::optional_multiscalar_mul::<I, J>(scalars, points),
         BackendKind::Serial =>
@@ -100,7 +100,7 @@ where
 pub(crate) enum VartimePrecomputedStraus {
     #[cfg(curve25519_dalek_backend = "simd")]
     Avx2(vector::scalar_mul::precomputed_straus::spec_avx2::VartimePrecomputedStraus),
-    #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+    #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
     Avx512ifma(
         vector::scalar_mul::precomputed_straus::spec_avx512ifma_avx512vl::VartimePrecomputedStraus,
     ),
@@ -120,14 +120,40 @@ impl VartimePrecomputedStraus {
             #[cfg(curve25519_dalek_backend = "simd")]
             BackendKind::Avx2 =>
                 VartimePrecomputedStraus::Avx2(vector::scalar_mul::precomputed_straus::spec_avx2::VartimePrecomputedStraus::new(static_points)),
-            #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+            #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
             BackendKind::Avx512 =>
                 VartimePrecomputedStraus::Avx512ifma(vector::scalar_mul::precomputed_straus::spec_avx512ifma_avx512vl::VartimePrecomputedStraus::new(static_points)),
             BackendKind::Serial =>
                 VartimePrecomputedStraus::Scalar(serial::scalar_mul::precomputed_straus::VartimePrecomputedStraus::new(static_points))
         }
     }
 
+    /// Return the number of static points in the precomputation.
+    pub fn len(&self) -> usize {
+        use crate::traits::VartimePrecomputedMultiscalarMul;
+
+        match self {
+            #[cfg(curve25519_dalek_backend = "simd")]
+            VartimePrecomputedStraus::Avx2(inner) => inner.len(),
+            #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
+            VartimePrecomputedStraus::Avx512ifma(inner) => inner.len(),
+            VartimePrecomputedStraus::Scalar(inner) => inner.len(),
+        }
+    }
+
+    /// Determine if the precomputation is empty.
+    pub fn is_empty(&self) -> bool {
+        use crate::traits::VartimePrecomputedMultiscalarMul;
+
+        match self {
+            #[cfg(curve25519_dalek_backend = "simd")]
+            VartimePrecomputedStraus::Avx2(inner) => inner.is_empty(),
+            #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
+            VartimePrecomputedStraus::Avx512ifma(inner) => inner.is_empty(),
+            VartimePrecomputedStraus::Scalar(inner) => inner.is_empty(),
+        }
+    }
+
     pub fn optional_mixed_multiscalar_mul<I, J, K>(
         &self,
         static_scalars: I,
@@ -150,7 +176,7 @@ impl VartimePrecomputedStraus {
                 dynamic_scalars,
                 dynamic_points,
             ),
-            #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+            #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
             VartimePrecomputedStraus::Avx512ifma(inner) => inner.optional_mixed_multiscalar_mul(
                 static_scalars,
                 dynamic_scalars,
@@ -181,7 +207,7 @@ where
         BackendKind::Avx2 => {
             vector::scalar_mul::straus::spec_avx2::Straus::multiscalar_mul::<I, J>(scalars, points)
         }
-        #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+        #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
         BackendKind::Avx512 => {
             vector::scalar_mul::straus::spec_avx512ifma_avx512vl::Straus::multiscalar_mul::<I, J>(
                 scalars, points,
@@ -210,7 +236,7 @@ where
                 scalars, points,
             )
         }
-        #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+        #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
         BackendKind::Avx512 => {
             vector::scalar_mul::straus::spec_avx512ifma_avx512vl::Straus::optional_multiscalar_mul::<
                 I,
@@ -228,7 +254,7 @@ pub fn variable_base_mul(point: &EdwardsPoint, scalar: &Scalar) -> EdwardsPoint
     match get_selected_backend() {
         #[cfg(curve25519_dalek_backend = "simd")]
         BackendKind::Avx2 => vector::scalar_mul::variable_base::spec_avx2::mul(point, scalar),
-        #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+        #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
         BackendKind::Avx512 => {
             vector::scalar_mul::variable_base::spec_avx512ifma_avx512vl::mul(point, scalar)
         }
@@ -242,7 +268,7 @@ pub fn vartime_double_base_mul(a: &Scalar, A: &EdwardsPoint, b: &Scalar) -> Edwa
     match get_selected_backend() {
         #[cfg(curve25519_dalek_backend = "simd")]
         BackendKind::Avx2 => vector::scalar_mul::vartime_double_base::spec_avx2::mul(a, A, b),
-        #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+        #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
         BackendKind::Avx512 => {
             vector::scalar_mul::vartime_double_base::spec_avx512ifma_avx512vl::mul(a, A, b)
         }
 
@@ -280,7 +280,6 @@ impl FieldElement2625 {
         let mut gt_i: bool;
         let mut eq_i: bool;
 
-        // start from least significant go to most significant
         for i in 0..10 {
             _ul = self.0[i];
             _vl = other.0[i];
 
@@ -46,6 +46,14 @@ impl VartimePrecomputedMultiscalarMul for VartimePrecomputedStraus {
         }
     }
 
+    fn len(&self) -> usize {
+        self.static_lookup_tables.len()
+    }
+
+    fn is_empty(&self) -> bool {
+        self.static_lookup_tables.is_empty()
+    }
+
     fn optional_mixed_multiscalar_mul<I, J, K>(
         &self,
         static_scalars: I,
@@ -75,7 +83,7 @@ impl VartimePrecomputedMultiscalarMul for VartimePrecomputedStraus {
 
         let sp = self.static_lookup_tables.len();
         let dp = dynamic_lookup_tables.len();
-        assert_eq!(sp, static_nafs.len());
+        assert!(sp >= static_nafs.len());
         assert_eq!(dp, dynamic_nafs.len());
 
         // We could save some doublings by looking for the highest
@@ -99,7 +107,7 @@ impl VartimePrecomputedMultiscalarMul for VartimePrecomputedStraus {
             }
 
             #[allow(clippy::needless_range_loop)]
-            for i in 0..sp {
+            for i in 0..static_nafs.len() {
                 let t_ij = static_nafs[i][j];
                 match t_ij.cmp(&0) {
                     Ordering::Greater => {
 
@@ -601,6 +601,7 @@ impl FieldElement51 {
     /// Returns 1 if self is greater than the other and 0 otherwise
     // strategy: check if b-a overflows. if it does not overflow, then a was larger
     pub(crate) fn mpn_sub_n(&self, other: &Self) -> Choice {
+
         let mut _ul = 0_u64;
         let mut _vl = 0_u64;
         let mut _rl = 0_u64;
 
@@ -14,7 +14,7 @@
 //! This module currently has two point types:
 //!
 //! * `ExtendedPoint`: a point stored in vector-friendly format, with
-//! vectorized doubling and addition;
+//!   vectorized doubling and addition;
 //!
 //! * `CachedPoint`: used for readdition.
 //!
 
@@ -16,7 +16,7 @@ pub mod packed_simd;
 
 pub mod avx2;
 
-#[cfg(nightly)]
+#[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
 pub mod ifma;
 
 pub mod scalar_mul;