Implementation notes: amd64, speed2supercop, crypto_aead/romulusm

Computer: speed2supercop
Microarchitecture: amd64; Haswell+AES (306c3)
Architecture: amd64
CPU ID: GenuineIntel-000306c3-1fc9cbf5
SUPERCOP version: 20240425
Operation: crypto_aead
Primitive: romulusm
TimeObject sizeTest sizeImplementationCompilerBenchmark dateSUPERCOP version
26869210949 0 023128 728 896aadomn/x86gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
27786013293 0 029021 752 928aadomn/x86gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
27817211917 0 025829 752 928aadomn/x86gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
28210811541 0 024940 744 928aadomn/x86gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
143704431084 640 046981 1400 928aadomn/opt32gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
162865621910 640 035549 1400 928aadomn/opt32gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
164272824696 640 038781 1400 928aadomn/opt32gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
166325620211 640 032528 1376 896aadomn/opt32gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
267687229232 12 045141 764 928T:refgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
53776888524 12 022581 764 928T:refgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
63549405337 12 017640 740 896T:refgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425
341263286082 12 019604 756 928T:refgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2024042720240425

Test failure

Implementation: T:fixslice_opt32
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
error 111
crypto_aead_decrypt returns nonzero
Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:fixslice_opt32
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:fixslice_opt32
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:fixslice_opt32
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:fixslice_opt32

Test failure

Implementation: T:opt32t
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
error 111
crypto_aead_decrypt allows trivial forgeries
Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt32t
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt32t
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt32t
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt32t

Compiler output

Implementation: T:fixslice_opt32
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE
decrypt.c: decrypt.c: In function 'crypto_aead_romulusm_fixslice_opt32_timingleaks_decrypt':
decrypt.c: decrypt.c:56:22: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
decrypt.c: 56 | state[i] ^= m[i];
decrypt.c: | ~~~~~~~~~^~~~~~~
decrypt.c: decrypt.c:24:8: note: at offset 16 into destination object 'state' of size 16
decrypt.c: 24 | u8 state[BLOCKBYTES], pad[BLOCKBYTES];
decrypt.c: | ^~~~~
Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:fixslice_opt32