Implementation notes: amd64, hunsnivy, crypto_aead/aeadaes128ocbtaglen128v1

Computer: hunsnivy
Microarchitecture: amd64; Ivy Bridge+AES (306a9)
Architecture: amd64
CPU ID: GenuineIntel-000306a9-bfebfbff
SUPERCOP version: 20240107
Operation: crypto_aead
Primitive: aeadaes128ocbtaglen128v1
TimeObject sizeTest sizeImplementationCompilerBenchmark dateSUPERCOP version
628713485 21 035440 828 1080T:optgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
770414354 21 038400 860 1016T:optclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
774814314 21 036688 860 1016T:optclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
78665673 0 025086 804 1016T:dolbeau/aesenc-intclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
79127987 0 029720 780 1080T:dolbeau/aesenc-intgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
91507452 0 029688 812 1016T:dolbeau/aesenc-intclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
92757964 0 031872 812 1016T:dolbeau/aesenc-intclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
94835619 0 026424 780 1080T:dolbeau/aesenc-intgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
94835309 0 025679 772 1080T:dolbeau/aesenc-intgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
95845867 0 025766 804 1016T:dolbeau/aesenc-intclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
100344062 0 022867 756 1048T:dolbeau/aesenc-intgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
127687135 21 028112 828 1080T:optgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
129447689 21 027750 852 1016T:optclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
130936720 18 030037 920 1016T:optclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
135017505 21 028112 828 1080T:optgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
137746661 21 026238 852 1016T:optclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
160626011 21 024963 804 1048T:optgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
1153445676 0 029942 844 1016T:refclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
1154485420 0 028014 844 1016T:refclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
1452389772 0 032470 844 1016T:refclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
1455819091 0 031215 828 1048T:refgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
1707792234 0 022020 836 1016T:refclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
1865661978 0 021138 804 1048T:refgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
1867623427 0 024615 828 1048T:refgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212
1983682337 0 022556 836 1016T:refclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121320231212
2026233058 0 023806 820 1048T:refgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121320231212

Compiler output

Implementation: T:dolbeau/aesenc-int
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
encrypt.c: encrypt.c:74:34: warning: incompatible pointer types passing 'const unsigned int *' to parameter of type 'const __m128i_u *' [-Wincompatible-pointer-types]
encrypt.c: __m128i key0 = _mm_loadu_si128((const unsigned int *)(key+0));
encrypt.c: ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
encrypt.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/emmintrin.h:3548:34: note: passing argument to parameter '__p' here
encrypt.c: _mm_loadu_si128(__m128i_u const *__p)
encrypt.c: ^
encrypt.c: 1 warning generated.
Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:dolbeau/aesenc-int
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:dolbeau/aesenc-int
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:dolbeau/aesenc-int
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:dolbeau/aesenc-int

Compiler output

Implementation: T:dolbeau/aesenc-int
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
encrypt.c: encrypt.c:74:34: warning: incompatible pointer types passing 'const unsigned int *' to parameter of type 'const __m128i_u *' [-Wincompatible-pointer-types]
encrypt.c: __m128i key0 = _mm_loadu_si128((const unsigned int *)(key+0));
encrypt.c: ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
encrypt.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/emmintrin.h:3548:34: note: passing argument to parameter '__p' here
encrypt.c: _mm_loadu_si128(__m128i_u const *__p)
encrypt.c: ^
encrypt.c: encrypt.c:91:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
encrypt.c: BLOCK1(0x01);
encrypt.c: ^
encrypt.c: encrypt.c:82:11: note: expanded from macro 'BLOCK1'
encrypt.c: temp1 = _mm_aeskeygenassist_si128(temp0, IMM); \
encrypt.c: ^
encrypt.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/__wmmintrin_aes.h:136:12: note: expanded from macro '_mm_aeskeygenassist_si128'
encrypt.c: (__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R))
encrypt.c: ^
encrypt.c: encrypt.c:92:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
encrypt.c: BLOCK1(0x02);
encrypt.c: ^
encrypt.c: encrypt.c:82:11: note: expanded from macro 'BLOCK1'
encrypt.c: temp1 = _mm_aeskeygenassist_si128(temp0, IMM); \
encrypt.c: ^
encrypt.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/__wmmintrin_aes.h:136:12: note: expanded from macro '_mm_aeskeygenassist_si128'
encrypt.c: (__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R))
encrypt.c: ^
encrypt.c: encrypt.c:93:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
encrypt.c: ...
Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:dolbeau/aesenc-int

Compiler output

Implementation: T:dolbeau/aesenc-int
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
encrypt.c: encrypt.c: In function 'aes128ni_setkey_encrypt':
encrypt.c: encrypt.c:74:34: warning: passing argument 1 of '_mm_loadu_si128' from incompatible pointer type [-Wincompatible-pointer-types]
encrypt.c: 74 | __m128i key0 = _mm_loadu_si128((const unsigned int *)(key+0));
encrypt.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
encrypt.c: | |
encrypt.c: | const unsigned int *
encrypt.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/xmmintrin.h:1316,
encrypt.c: from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:29,
encrypt.c: from encrypt.c:45:
encrypt.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/emmintrin.h:701:35: note: expected 'const __m128i_u *' but argument is of type 'const unsigned int *'
encrypt.c: 701 | _mm_loadu_si128 (__m128i_u const *__P)
encrypt.c: | ~~~~~~~~~~~~~~~~~^~~
Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:dolbeau/aesenc-int
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:dolbeau/aesenc-int
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:dolbeau/aesenc-int
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:dolbeau/aesenc-int

Compiler output

Implementation: T:vaes
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
ocb_vaes.c: ocb_vaes.c:668:19: error: always_inline function '_mm256_broadcastsi128_si256' requires target feature 'avx2', but would be inlined into function 'ae_encrypt' that is compiled without support for 'avx2'
ocb_vaes.c: k256[i] = _mm256_broadcastsi128_si256(load128(ctx->encrypt_key.rd_key+i));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:669:14: error: always_inline function '_mm256_broadcastsi128_si256' requires target feature 'avx2', but would be inlined into function 'ae_encrypt' that is compiled without support for 'avx2'
ocb_vaes.c: m[M01] = _mm256_broadcastsi128_si256(xor128(load128(ctx->L+0), load128(ctx->L+1)));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:670:14: error: always_inline function '_mm256_broadcastsi128_si256' requires target feature 'avx2', but would be inlined into function 'ae_encrypt' that is compiled without support for 'avx2'
ocb_vaes.c: m[M02] = _mm256_broadcastsi128_si256(xor128(load128(ctx->L+0), load128(ctx->L+2)));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:671:14: error: always_inline function '_mm256_broadcastsi128_si256' requires target feature 'avx2', but would be inlined into function 'ae_encrypt' that is compiled without support for 'avx2'
ocb_vaes.c: m[M03] = _mm256_broadcastsi128_si256(xor128(load128(ctx->L+0), load128(ctx->L+3)));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:693:20: error: always_inline function '_mm256_broadcastsi128_si256' requires target feature 'avx2', but would be inlined into function 'ae_encrypt' that is compiled without support for 'avx2'
ocb_vaes.c: oa[0] = xor256(_mm256_broadcastsi128_si256(offset), m[M0_01]);
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:693:13: error: always_inline function '_mm256_xor_si256' requires target feature 'avx2', but would be inlined into function 'ae_encrypt' that is compiled without support for 'avx2'
ocb_vaes.c: oa[0] = xor256(_mm256_broadcastsi128_si256(offset), m[M0_01]);
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:142:27: note: expanded from macro 'xor256'
ocb_vaes.c: #define xor256(x,y) _mm256_xor_si256(x,y)
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:694:13: error: always_inline function '_mm256_xor_si256' requires target feature 'avx2', but would be inlined into function 'ae_encrypt' that is compiled without support for 'avx2'
ocb_vaes.c: oa[2] = xor256x3(oa[0], m[M01], m[M02]);
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:143:34: note: expanded from macro 'xor256x3'
ocb_vaes.c: ...
Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:vaes
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:vaes
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:vaes
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:vaes

Compiler output

Implementation: T:vaes
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
ocb_vaes.c: ocb_vaes.c:476:15: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'ae_init' that is compiled without support for 'ssse3'
ocb_vaes.c: tmp_blk = reverse_bytes(load128(&ctx->Lstar));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:155:5: note: expanded from macro 'reverse_bytes'
ocb_vaes.c: _mm_shuffle_epi8(b,_mm_set_epi8(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15))
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:478:29: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'ae_init' that is compiled without support for 'ssse3'
ocb_vaes.c: store128(&ctx->Ldollar, reverse_bytes(tmp_blk));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:155:5: note: expanded from macro 'reverse_bytes'
ocb_vaes.c: _mm_shuffle_epi8(b,_mm_set_epi8(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15))
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:480:24: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'ae_init' that is compiled without support for 'ssse3'
ocb_vaes.c: store128(ctx->L+0, reverse_bytes(tmp_blk));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:155:5: note: expanded from macro 'reverse_bytes'
ocb_vaes.c: _mm_shuffle_epi8(b,_mm_set_epi8(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15))
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:483:25: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'ae_init' that is compiled without support for 'ssse3'
ocb_vaes.c: store128(ctx->L+i, reverse_bytes(tmp_blk));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:155:5: note: expanded from macro 'reverse_bytes'
ocb_vaes.c: _mm_shuffle_epi8(b,_mm_set_epi8(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15))
ocb_vaes.c: ^
ocb_vaes.c: 4 errors generated.
Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:vaes

Compiler output

Implementation: T:vaes
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
ocb_vaes.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:53,
ocb_vaes.c: from ocb_vaes.c:71:
ocb_vaes.c: ocb_vaes.c: In function 'process_ad':
ocb_vaes.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/avx2intrin.h:913:1: error: inlining failed in call to 'always_inline' '_mm256_xor_si256': target specific option mismatch
ocb_vaes.c: 913 | _mm256_xor_si256 (__m256i __A, __m256i __B)
ocb_vaes.c: | ^~~~~~~~~~~~~~~~
ocb_vaes.c: ocb_vaes.c:142:27: note: called from here
ocb_vaes.c: 142 | #define xor256(x,y) _mm256_xor_si256(x,y)
ocb_vaes.c: | ^~~~~~~~~~~~~~~~~~~~~
ocb_vaes.c: ocb_vaes.c:551:13: note: in expansion of macro 'xor256'
ocb_vaes.c: 551 | oa[5] = xor256(oa[4], _mm256_blend_epi32(m[M01], m[M02], 0xf0));
ocb_vaes.c: | ^~~~~~
ocb_vaes.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:53,
ocb_vaes.c: from ocb_vaes.c:71:
ocb_vaes.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/avx2intrin.h:971:1: error: inlining failed in call to 'always_inline' '_mm256_blend_epi32': target specific option mismatch
ocb_vaes.c: 971 | _mm256_blend_epi32 (__m256i __X, __m256i __Y, const int __M)
ocb_vaes.c: | ^~~~~~~~~~~~~~~~~~
ocb_vaes.c: ocb_vaes.c:142:27: note: called from here
ocb_vaes.c: 142 | #define xor256(x,y) _mm256_xor_si256(x,y)
ocb_vaes.c: | ^~~~~~~~~~~~~~~~~~~~~
ocb_vaes.c: ocb_vaes.c:551:13: note: in expansion of macro 'xor256'
ocb_vaes.c: 551 | oa[5] = xor256(oa[4], _mm256_blend_epi32(m[M01], m[M02], 0xf0));
ocb_vaes.c: | ^~~~~~
ocb_vaes.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:53,
ocb_vaes.c: from ocb_vaes.c:71:
ocb_vaes.c: ...
Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:vaes
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:vaes
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:vaes
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:vaes