Implementation notes: amd64, saber214, crypto_aead/romulusm

Test failure

error 111
crypto_aead_decrypt returns nonzero

Test failure

error 111
crypto_aead_decrypt allows trivial forgeries

Compiler output

tk_schedule.c: tk_schedule.c:377:14: warning: argument 1 of type 'uint32_t[64]' {aka 'unsigned int[64]'} with mismatched bound [-Warray-parameter=]
tk_schedule.c:   377 |     uint32_t rtk_1[TKPERMORDER*BLOCKBYTES/4],
tk_schedule.c:       |     ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tk_schedule.c: In file included from tk_schedule.c:17:
tk_schedule.c: tk_schedule.h:40:31: note: previously declared as 'uint32_t *' {aka 'unsigned int *'}
tk_schedule.c:    40 | void tk_schedule_13(uint32_t *rtk_1, uint32_t *rtk_3,
tk_schedule.c:       |                     ~~~~~~~~~~^~~~~
tk_schedule.c: tk_schedule.c:378:14: warning: argument 2 of type 'uint32_t[160]' {aka 'unsigned int[160]'} with mismatched bound [-Warray-parameter=]
tk_schedule.c:   378 |     uint32_t rtk_3[SKINNY128_384_ROUNDS*BLOCKBYTES/4],
tk_schedule.c:       |     ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tk_schedule.c: In file included from tk_schedule.c:17:
tk_schedule.c: tk_schedule.h:40:48: note: previously declared as 'uint32_t *' {aka 'unsigned int *'}
tk_schedule.c:    40 | void tk_schedule_13(uint32_t *rtk_1, uint32_t *rtk_3,
tk_schedule.c:       |                                      ~~~~~~~~~~^~~~~
tk_schedule.c: tk_schedule.c:379:19: warning: argument 3 of type 'const uint8_t[16]' {aka 'const unsigned char[16]'} with mismatched bound [-Warray-parameter=]
tk_schedule.c:   379 |     const uint8_t tk_1[TWEAKEYBYTES],
tk_schedule.c:       |     ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
tk_schedule.c: In file included from tk_schedule.c:17:
tk_schedule.c: tk_schedule.h:41:20: note: previously declared as 'const uint8_t *' {aka 'const unsigned char *'}
tk_schedule.c:    41 |     const uint8_t *tk_1,
tk_schedule.c:       |     ~~~~~~~~~~~~~~~^~~~
tk_schedule.c: tk_schedule.c:380:19: warning: argument 4 of type 'const uint8_t[16]' {aka 'const unsigned char[16]'} with mismatched bound [-Warray-parameter=]
tk_schedule.c:   380 |     const uint8_t tk_3[TWEAKEYBYTES])
tk_schedule.c:       |     ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
tk_schedule.c: In file included from tk_schedule.c:17:
tk_schedule.c: ...

Compiler output

skinny128.c: skinny128.c:200:13: warning: unused variable 'rconst' [-Wunused-variable]
skinny128.c:     __m128i rconst;
skinny128.c:             ^
skinny128.c: 1 warning generated.

Compiler output

skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c:     DOUBLE_ROUND(rtk_23);
skinny128.c:     ^
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c:     SBOX_ARK_EVEN(rtk_23);      \
skinny128.c:     ^
skinny128.c: skinny128.c:23:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c:     state = _mm_shuffle_epi8(s1, state);    /* apply inner S-box S1 */          \
skinny128.c:             ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c:     SBOX_ARK_EVEN(rtk_23);      \
skinny128.c:     ^
skinny128.c: skinny128.c:24:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c:     tmp0  = _mm_shuffle_epi8(s0, tmp0);     /* apply inner S-box S0 */          \
skinny128.c:             ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c:     SBOX_ARK_EVEN(rtk_23);      \
skinny128.c:     ^
skinny128.c: skinny128.c:32:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c:     tmp0  = _mm_shuffle_epi8(s3, tmp0);     /* apply inner S-box S3 */          \
skinny128.c:             ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: ...

Compiler output

skinny128.c: skinny128.c:91:20: warning: argument 1 of type 'unsigned char *' declared as a pointer [-Warray-parameter=]
skinny128.c:    91 |     unsigned char *out,
skinny128.c:       |     ~~~~~~~~~~~~~~~^~~
skinny128.c: In file included from skinny128.c:11:
skinny128.c: skinny128.h:13:17: note: previously declared as an array 'uint8_t[16]' {aka 'unsigned char[16]'}
skinny128.c:    13 |         uint8_t in[BLOCKBYTES], const uint8_t out[BLOCKBYTES],
skinny128.c:       |         ~~~~~~~~^~~~~~~~~~~~~~
skinny128.c: skinny128.c:92:26: warning: argument 2 of type 'const unsigned char *' declared as a pointer [-Warray-parameter=]
skinny128.c:    92 |     const unsigned char *in,
skinny128.c:       |     ~~~~~~~~~~~~~~~~~~~~~^~
skinny128.c: In file included from skinny128.c:11:
skinny128.c: skinny128.h:13:47: note: previously declared as an array 'const uint8_t[16]' {aka 'const unsigned char[16]'}
skinny128.c:    13 |         uint8_t in[BLOCKBYTES], const uint8_t out[BLOCKBYTES],
skinny128.c:       |                                 ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
skinny128.c: skinny128.c:93:26: warning: argument 3 of type 'const unsigned char *' declared as a pointer [-Warray-parameter=]
skinny128.c:    93 |     const unsigned char *tk1,
skinny128.c:       |     ~~~~~~~~~~~~~~~~~~~~~^~~
skinny128.c: In file included from skinny128.c:11:
skinny128.c: skinny128.h:14:23: note: previously declared as an array 'const uint8_t[16]' {aka 'const unsigned char[16]'}
skinny128.c:    14 |         const uint8_t tk1[TWEAKEYBYTES],
skinny128.c:       |         ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
skinny128.c: skinny128.c:94:26: warning: argument 4 of type 'const unsigned char *' declared as a pointer [-Warray-parameter=]
skinny128.c:    94 |     const unsigned char *rtk_23)
skinny128.c:       |     ~~~~~~~~~~~~~~~~~~~~~^~~~~~
skinny128.c: In file included from skinny128.c:11:
skinny128.c: ...

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x110D7F
   at 0x...: permute_tk_2 (tk_schedule.c:142)
   by 0x...: permute_tk (tk_schedule.c:287)
   by 0x...: tk_schedule_1 (tk_schedule.c:356)
   by 0x...: tk_schedule_123 (tk_schedule.c:398)
   by 0x...: romulusm_process_ad (romulus_m.c:95)
   by 0x...: crypto_aead_romulusm_aadomn_opt32_constbranchindex_encrypt (encrypt.c:29)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x110EFF
   at 0x...: permute_tk_2 (tk_schedule.c:142)
   by 0x...: permute_tk (tk_schedule.c:287)
   by 0x...: tk_schedule_1 (tk_schedule.c:356)
   by 0x...: tk_schedule_123 (tk_schedule.c:398)
   by 0x...: romulusm_process_ad (romulus_m.c:95)
   by 0x...: crypto_aead_romulusm_aadomn_opt32_constbranchindex_encrypt (encrypt.c:29)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10FD90
   at 0x...: permute_tk_14 (tk_schedule.c:228)
   by 0x...: permute_tk (tk_schedule.c:321)
   by 0x...: tk_schedule_1 (tk_schedule.c:356)
   by 0x...: tk_schedule_123 (tk_schedule.c:398)
   by 0x...: romulusm_process_ad (romulus_m.c:95)
   by 0x...: crypto_aead_romulusm_aadomn_opt32_constbranchindex_encrypt (encrypt.c:29)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10E408
   at 0x...: permute_tk_2 (tk_schedule.c:138)
   by 0x...: permute_tk (tk_schedule.c:287)
   by 0x...: tk_schedule_1 (tk_schedule.c:356)
   by 0x...: tk_schedule_123 (tk_schedule.c:398)
   by 0x...: romulusm_process_ad (romulus_m.c:95)
   by 0x...: crypto_aead_romulusm_aadomn_opt32_constbranchindex_encrypt (encrypt.c:29)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10D553
   at 0x...: tk_schedule_23 (skinny128.c:219)
   by 0x...: romulusm_process_ad (romulus_m.c:94)
   by 0x...: crypto_aead_romulusm_aadomn_x86_constbranchindex_encrypt (encrypt.c:28)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10D6E3
   at 0x...: tk_schedule_23 (skinny128.c:219)
   by 0x...: romulusm_process_ad (romulus_m.c:94)
   by 0x...: crypto_aead_romulusm_aadomn_x86_constbranchindex_encrypt (encrypt.c:28)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10CC6F
   at 0x...: tk_schedule_23 (skinny128.c:219)
   by 0x...: romulusm_process_ad (romulus_m.c:94)
   by 0x...: crypto_aead_romulusm_aadomn_x86_constbranchindex_encrypt (encrypt.c:28)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10C7C7
   at 0x...: tk_schedule_23 (skinny128.c:219)
   by 0x...: romulusm_process_ad (romulus_m.c:94)
   by 0x...: crypto_aead_romulusm_aadomn_x86_constbranchindex_encrypt (encrypt.c:28)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

Passed TIMECOP

TIMECOP iterations: 10