add runtime toggle of AVX2 code in sntrup

crypto/libntrup/include/libntrup/ntru.h

@@ -1,19 +1,25 @@
 #ifndef LIBNTRUP_NTRU_H
 #define LIBNTRUP_NTRU_H
-#ifdef __cplusplus 
-extern "C" {
+#ifdef __cplusplus
+extern "C"
+{
 #endif
 
 #include "ntru_api.h"
 
-void ntru_init(void);
+  void
+  ntru_init(int force_no_avx2);
 
+  int
+  crypto_kem_enc(unsigned char *cstr, unsigned char *k,
+                 const unsigned char *pk);
 
-int crypto_kem_enc(unsigned char *cstr, unsigned char *k, const unsigned char *pk);
-  
-int crypto_kem_dec(unsigned char *k, const unsigned char *cstr, const unsigned char *sk);
+  int
+  crypto_kem_dec(unsigned char *k, const unsigned char *cstr,
+                 const unsigned char *sk);
 
-int crypto_kem_keypair(unsigned char *pk, unsigned char * sk);
+  int
+  crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
 
 #define crypto_kem_SECRETKEYBYTES 1600
 #define crypto_kem_PUBLICKEYBYTES 1218
@@ -23,10 +29,9 @@ int crypto_kem_keypair(unsigned char *pk, unsigned char * sk);
 #define NTRU_PUBLICKEYBYTES CRYPTO_PUBLICKEYBYTES
 #define NTRU_CIPHERTEXTBYTES CRYPTO_CIPHERTEXTBYTES
 
-
 #define CRYPTO_BYTES 32
 
-#ifdef __cplusplus 
+#ifdef __cplusplus
 }
 #endif
 #endif

crypto/libntrup/src/ntru.cpp

@@ -41,9 +41,9 @@ int (*__crypto_kem_keypair)(unsigned char *pk, unsigned char *sk);
 extern "C"
 {
   void
-  ntru_init()
+  ntru_init(int force_no_avx2)
   {
-    if(supports_avx2())
+    if(supports_avx2() && !force_no_avx2)
     {
       __crypto_kem_dec     = &crypto_kem_dec_avx2;
       __crypto_kem_enc     = &crypto_kem_enc_avx2;

llarp/crypto_libsodium.cpp

@@ -165,7 +165,11 @@ void
 llarp_crypto_libsodium_init(struct llarp_crypto *c)
 {
   assert(sodium_init() != -1);
-  ntru_init();
+  char *avx2 = getenv("AVX2_FORCE_DISABLE");
+  if(avx2 && std::string(avx2) == "1")
+    ntru_init(1);
+  else
+    ntru_init(0);
   c->xchacha20           = llarp::sodium::xchacha20;
   c->dh_client           = llarp::sodium::dh_client;
   c->dh_server           = llarp::sodium::dh_server;