crypto: implement ARM AES backend for Echo512's FullStateRound()

Author: kwvg

src/Makefile.am

@@ -785,7 +785,8 @@ crypto_libbitcoin_crypto_arm_aes_la_CPPFLAGS = $(AM_CPPFLAGS)
 crypto_libbitcoin_crypto_arm_aes_la_CXXFLAGS += $(ARM_AES_CXXFLAGS)
 crypto_libbitcoin_crypto_arm_aes_la_CPPFLAGS += -DENABLE_ARM_AES
 crypto_libbitcoin_crypto_arm_aes_la_SOURCES = \
-  crypto/x11/arm_crypto/aes.cpp
+  crypto/x11/arm_crypto/aes.cpp \
+  crypto/x11/arm_crypto/echo.cpp
 
 # See explanation for -static in crypto_libbitcoin_crypto_base_la's LDFLAGS and
 # CXXFLAGS above

src/crypto/x11/arm_crypto/echo.cpp

@@ -0,0 +1,38 @@
+// Copyright (c) 2025 The Dash Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#if defined(ENABLE_ARM_AES)
+#include <crypto/x11/util/util.hpp>
+
+#include <cstdint>
+
+#include <arm_neon.h>
+
+namespace sapphire {
+namespace arm_crypto_echo {
+void FullStateRound(uint64_t W[16][2], uint32_t& k0, uint32_t& k1, uint32_t& k2, uint32_t& k3)
+{
+    uint8x16_t key = util::pack_le(k0, k1, k2, k3);
+    for (int n = 0; n < 16; n++) {
+        uint8x16_t block = vreinterpretq_u8_u64(vld1q_u64(&W[n][0]));
+        block = util::aes_round(block, key);
+        block = util::aes_round_nk(block);
+        vst1q_u64(&W[n][0], vreinterpretq_u64_u8(block));
+
+        util::unpack_le(key, k0, k1, k2, k3);
+        if ((k0 = (k0 + 1)) == 0) {
+            if ((k1 = (k1 + 1)) == 0) {
+                if ((k2 = (k2 + 1)) == 0) {
+                    k3 = (k3 + 1);
+                }
+            }
+        }
+        key = util::pack_le(k0, k1, k2, k3);
+    }
+    util::unpack_le(key, k0, k1, k2, k3);
+}
+} // namespace arm_crypto_echo
+} // namespace sapphire
+
+#endif // ENABLE_ARM_AES

src/crypto/x11/dispatch.cpp

@@ -22,6 +22,11 @@
 #include <sys/auxv.h>
 #endif // __linux__
 
+#if defined(__FreeBSD__)
+#include <machine/elf.h>
+#include <sys/auxv.h>
+#endif // __FreeBSD__
+
 #if defined(_WIN32)
 #include <processthreadsapi.h>
 #include <winnt.h>
@@ -41,6 +46,9 @@ void Round(uint32_t x0, uint32_t x1, uint32_t x2, uint32_t x3,
 void RoundKeyless(uint32_t x0, uint32_t x1, uint32_t x2, uint32_t x3,
                   uint32_t& y0, uint32_t& y1, uint32_t& y2, uint32_t& y3);
 } // namespace arm_crypto_aes
+namespace arm_crypto_echo {
+void FullStateRound(uint64_t W[16][2], uint32_t& k0, uint32_t& k1, uint32_t& k2, uint32_t& k3);
+} // namespace arm_crypto_echo
 #endif // ENABLE_ARM_AES
 
 #if defined(ENABLE_SSSE3)
@@ -139,13 +147,24 @@ void SapphireAutoDetect()
 #endif // __aarch64__
 #endif // __linux__
 
+#if defined(__FreeBSD__)
+    [[maybe_unused]] unsigned long hwcap{0};
+#if defined(__arm__)
+    have_arm_aes = ((::elf_aux_info(AT_HWCAP2, &hwcap, sizeof(hwcap)) == 0) && ((hwcap & HWCAP2_AES) != 0));
+#endif // __arm__
+#if defined(__aarch64__)
+    have_arm_aes = ((::elf_aux_info(AT_HWCAP, &hwcap, sizeof(hwcap)) == 0) && ((hwcap & HWCAP_AES) != 0));
+#endif // __aarch64__
+#endif // __FreeBSD__
+
 #if defined(_WIN32)
     have_arm_aes = ::IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE);
 #endif // _WIN32
 
     if (have_arm_aes) {
         aes_round = sapphire::arm_crypto_aes::Round;
         aes_round_nk = sapphire::arm_crypto_aes::RoundKeyless;
+        echo_round = sapphire::arm_crypto_echo::FullStateRound;
     }
 #endif // ENABLE_ARM_AES
 #endif // !DISABLE_OPTIMIZED_SHA256