Add and document NON_TEMPORAL_STORES

README.md

@@ -28,6 +28,12 @@ To favor performance over side-channel mitigations on WebAssembly and on devices
 zig build -Drelease -Dfavor-performance
 ```
 
+To avoid caching outputs, add `-Dnon-temporal-stores`:
+
+```sh
+zig build -Drelease -Dnon-temporal-stores
+```
+
 ### Compilation with `cmake`:
 
 ```sh
@@ -38,6 +44,7 @@ make install
 ```
 
 To favor performance over side-channel mitigations on WebAssembly and on devices without hardware acceleration, add `-DFAVOR_PERFORMANCE`.
+To avoid caching outputs, add `-DNON_TEMPORAL_STORES`.
 
 ### Direct inclusion
 

build.zig

@@ -14,12 +14,19 @@ pub fn build(b: *std.Build) void {
     lib.strip = true;
 
     const lib_options = b.addOptions();
+
     const favor_performance: bool = b.option(bool, "favor-performance", "Favor performance over side channel mitigations") orelse false;
     lib_options.addOption(bool, "favor_performance", favor_performance);
     if (favor_performance) {
         lib.defineCMacro("FAVOR_PERFORMANCE", "1");
     }
 
+    const non_temporal_stores: bool = b.option(bool, "non-temporal-stores", "Use non-temporal stores") orelse false;
+    lib_options.addOption(bool, "non_temporal_stores", non_temporal_stores);
+    if (non_temporal_stores) {
+        lib.defineCMacro("NON_TEMPORAL_STORES", "1");
+    }
+
     lib.addIncludePath(.{ .path = "src/include" });
 
     lib.addCSourceFiles(&.{

src/aegis128l/aegis128l_aesni.c

@@ -25,8 +25,12 @@ typedef __m128i aes_block_t;
 #define AES_BLOCK_AND(A, B)       _mm_and_si128((A), (B))
 #define AES_BLOCK_LOAD(A)         _mm_loadu_si128((const aes_block_t *) (const void *) (A))
 #define AES_BLOCK_LOAD_64x2(A, B) _mm_set_epi64x((long long) (A), (long long) (B))
-#define AES_BLOCK_STORE(A, B)     _mm_storeu_si128((aes_block_t *) (void *) (A), (B))
-#define AES_ENC(A, B)             _mm_aesenc_si128((A), (B))
+#ifdef NON_TEMPOORAL_STORES
+#define AES_BLOCK_STORE(A, B) _mm_stream_si128((aes_block_t *) (void *) (A), (B))
+#else
+#define AES_BLOCK_STORE(A, B) _mm_storeu_si128((aes_block_t *) (void *) (A), (B))
+#endif
+#define AES_ENC(A, B) _mm_aesenc_si128((A), (B))
 
 static inline void
 aegis128l_update(aes_block_t *const state, const aes_block_t d1, const aes_block_t d2)

src/aegis128x2/aegis128x2_aesni.c

@@ -50,12 +50,22 @@ AES_BLOCK_LOAD_64x2(uint64_t a, uint64_t b)
     const __m128i t = _mm_set_epi64x((long long) a, (long long) b);
     return (aes_block_t) { t, t };
 }
+
+#ifdef NON_TEMPOORAL_STORES
+static inline void
+AES_BLOCK_STORE(uint8_t *a, const aes_block_t b)
+{
+    _mm_stream_si128((__m128i *) (void *) a, b.b0);
+    _mm_stream_si128((__m128i *) (void *) (a + 16), b.b1);
+}
+#else
 static inline void
 AES_BLOCK_STORE(uint8_t *a, const aes_block_t b)
 {
     _mm_storeu_si128((__m128i *) (void *) a, b.b0);
     _mm_storeu_si128((__m128i *) (void *) (a + 16), b.b1);
 }
+#endif
 
 static inline aes_block_t
 AES_ENC(const aes_block_t a, const aes_block_t b)

src/aegis256/aegis256_aesni.c

@@ -25,8 +25,12 @@ typedef __m128i aes_block_t;
 #define AES_BLOCK_AND(A, B)       _mm_and_si128((A), (B))
 #define AES_BLOCK_LOAD(A)         _mm_loadu_si128((const aes_block_t *) (const void *) (A))
 #define AES_BLOCK_LOAD_64x2(A, B) _mm_set_epi64x((long long) (A), (long long) (B))
-#define AES_BLOCK_STORE(A, B)     _mm_storeu_si128((aes_block_t *) (void *) (A), (B))
-#define AES_ENC(A, B)             _mm_aesenc_si128((A), (B))
+#ifdef NON_TEMPOORAL_STORES
+#define AES_BLOCK_STORE(A, B) _mm_stream_si128((aes_block_t *) (void *) (A), (B))
+#else
+#define AES_BLOCK_STORE(A, B) _mm_storeu_si128((aes_block_t *) (void *) (A), (B))
+#endif
+#define AES_ENC(A, B) _mm_aesenc_si128((A), (B))
 
 static inline void
 aegis256_update(aes_block_t *const state, const aes_block_t d)