Implementation notes: amd64, titan0, crypto_aead/aes256gcmv1

Computer: titan0
Microarchitecture: amd64; HW+AES (306c3)
Architecture: amd64
CPU ID: GenuineIntel-000306c3-bfebfbff
SUPERCOP version: 20221122
Operation: crypto_aead
Primitive: aes256gcmv1

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
9766	16709 0 0	40365 804 1088	`dolbeau/aesenc-int`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
10289	9637 0 0	31285 804 1088	`dolbeau/aesenc-int`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
10363	6104 0 0	25608 780 1056	`dolbeau/aesenc-int`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
10659	9771 0 0	30860 796 1088	`dolbeau/aesenc-int`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
10882	17118 0 0	40120 860 1056	`dolbeau/aesenc-int`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
10910	17296 0 0	40544 860 1056	`dolbeau/aesenc-int`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
10939	14254 0 0	34016 860 1024	`dolbeau/aesenc-int`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
11151	14146 0 0	34738 852 1088	`dolbeau/aesenc-int`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
12715	893 0 0	23751 940 1024	`T:opensslnew`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221020	20221019
12754	1120 0 0	25779 900 1056	`T:opensslnew`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221020	20221019
12761	890 0 0	21543 940 1024	`T:opensslnew`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221020	20221019
12763	893 0 0	25079 940 1056	`T:opensslnew`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221020	20221019
12779	893 0 0	24799 940 1056	`T:opensslnew`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221020	20221019
12808	1041 0 0	21494 876 1056	`T:opensslnew`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221020	20221019
12881	1120 0 0	23747 900 1056	`T:opensslnew`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221020	20221019
13073	893 0 0	22361 932 1088	`T:opensslnew`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221020	20221019
13252	1148 0 0	23226 892 1056	`T:opensslnew`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221020	20221019
20172	17795 3040 0	1787990 148516 11040	`T:cryptopp`	`clang++_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
20210	40817 3040 0	1799720 148444 11104	`T:cryptopp`	`g++_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
20312	16919 3040 0	1786850 148516 11040	`T:cryptopp`	`clang++_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
20325	14075 2456 0	1782715 148500 11072	`T:cryptopp`	`clang++_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
20400	21277 6160 0	1794250 151076 11008	`T:cryptopp`	`clang++_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
20425	35774 3040 0	1792802 148452 11104	`T:cryptopp`	`g++_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
20582	35743 3040 0	1791356 148452 11104	`T:cryptopp`	`g++_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
20625	15888 4072 0	1763828 149268 11072	`T:cryptopp`	`g++_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
1700097	5079 0 16	28941 804 1120	`ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
1736347	5027 0 16	29000 860 1056	`ref`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
1743320	3795 0 16	27488 860 1056	`ref`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
1754854	2872 0 16	25544 860 1056	`ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
1784555	2398 0 16	23714 852 1120	`ref`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
14607929	1878 0 16	22360 860 1056	`ref`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221010	20221005
17402887	2333 0 16	24165 804 1120	`ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
17939182	2298 0 16	23604 796 1120	`ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005
18368293	1950 0 16	21688 780 1088	`ref`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221010	20221005

Compiler output

Implementation: dolbeau/aesenc-int
Security model: constbranchindex
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

aesenc-int.c: aesenc-int.c:665:16: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'crypto_aead_aes256gcmv1_dolbeau_aesenc_int_constbranchindex_encrypt' that is compiled without support for 'ssse3'
aesenc-int.c: __m128i Hv = _mm_shuffle_epi8(_mm_loadu_si128((const __m128i*)H), rev);
aesenc-int.c: ^
aesenc-int.c: 1 error generated.

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	dolbeau/aesenc-int

Compiler output

Implementation: dolbeau/aesenc-int
Security model: constbranchindex
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

aesenc-int.c: aesenc-int.c:25: warning: "_bswap64" redefined
aesenc-int.c: 25 | #define _bswap64(a) __builtin_bswap64(a)
aesenc-int.c: |
aesenc-int.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/x86gprintrin.h:33,
aesenc-int.c: from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:27,
aesenc-int.c: from aesenc-int.c:11:
aesenc-int.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/ia32intrin.h:273: note: this is the location of the previous definition
aesenc-int.c: 273 | #define _bswap64(a) __bswapq(a)
aesenc-int.c: |
aesenc-int.c: aesenc-int.c:26: warning: "_bswap" redefined
aesenc-int.c: 26 | #define _bswap(a) __builtin_bswap32(a)
aesenc-int.c: |
aesenc-int.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/x86gprintrin.h:33,
aesenc-int.c: from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:27,
aesenc-int.c: from aesenc-int.c:11:
aesenc-int.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/ia32intrin.h:307: note: this is the location of the previous definition
aesenc-int.c: 307 | #define _bswap(a) __bswapd(a)
aesenc-int.c: |

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	dolbeau/aesenc-int
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	dolbeau/aesenc-int
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	dolbeau/aesenc-int
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	dolbeau/aesenc-int

Compiler output

Implementation: dolbeau/vaesenc-int
Security model: constbranchindex
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

vaesenc-int.c: vaesenc-int.c:261:34: warning: incompatible pointer types passing 'const __m128i *' to parameter of type 'const __m256i *' [-Wincompatible-pointer-types]
vaesenc-int.c: __m256i nv = _mm256_load_si256((const __m128i *)n);
vaesenc-int.c: ^~~~~~~~~~~~~~~~~~
vaesenc-int.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/avxintrin.h:3143:34: note: passing argument to parameter '__p' here
vaesenc-int.c: _mm256_load_si256(__m256i const *__p)
vaesenc-int.c: ^
vaesenc-int.c: vaesenc-int.c:988:18: error: '__builtin_ia32_inserti32x4_256' needs target feature avx512vl
vaesenc-int.c: __m256i H12v = _mm256_inserti32x4(_mm256_inserti32x4(_mm256_undefined_si256(), Hv, 1), H2v, 0);
vaesenc-int.c: ^
vaesenc-int.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/avx512vlintrin.h:7887:13: note: expanded from macro '_mm256_inserti32x4'
vaesenc-int.c: ((__m256i)__builtin_ia32_inserti32x4_256((__v8si)(__m256i)(A), \
vaesenc-int.c: ^
vaesenc-int.c: vaesenc-int.c:988:37: error: '__builtin_ia32_inserti32x4_256' needs target feature avx512vl
vaesenc-int.c: __m256i H12v = _mm256_inserti32x4(_mm256_inserti32x4(_mm256_undefined_si256(), Hv, 1), H2v, 0);
vaesenc-int.c: ^
vaesenc-int.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/avx512vlintrin.h:7887:13: note: expanded from macro '_mm256_inserti32x4'
vaesenc-int.c: ((__m256i)__builtin_ia32_inserti32x4_256((__v8si)(__m256i)(A), \
vaesenc-int.c: ^
vaesenc-int.c: vaesenc-int.c:989:31: error: always_inline function '_mm256_broadcast_i32x4' requires target feature 'avx512vl', but would be inlined into function 'crypto_aead_aes256gcmv1_dolbeau_vaesenc_int_constbranchindex_encrypt' that is compiled without support for 'avx512vl'
vaesenc-int.c: __m256i H34v = mulvv2(H12v, _mm256_broadcast_i32x4(H2v));
vaesenc-int.c: ^
vaesenc-int.c: vaesenc-int.c:990:10: error: '__builtin_ia32_inserti64x4' needs target feature avx512f
vaesenc-int.c: vhv0 = _mm512_inserti64x4(_mm512_inserti64x4(_mm512_undefined_epi32(), H12v, 1), H34v, 0);
vaesenc-int.c: ^
vaesenc-int.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/avx512fintrin.h:7417:13: note: expanded from macro '_mm512_inserti64x4'
vaesenc-int.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	dolbeau/vaesenc-int
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	dolbeau/vaesenc-int
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	dolbeau/vaesenc-int
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	dolbeau/vaesenc-int

Compiler output

Implementation: dolbeau/vaesenc-int
Security model: constbranchindex
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

vaesenc-int.c: vaesenc-int.c:261:34: warning: incompatible pointer types passing 'const __m128i *' to parameter of type 'const __m256i *' [-Wincompatible-pointer-types]
vaesenc-int.c: __m256i nv = _mm256_load_si256((const __m128i *)n);
vaesenc-int.c: ^~~~~~~~~~~~~~~~~~
vaesenc-int.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/avxintrin.h:3143:34: note: passing argument to parameter '__p' here
vaesenc-int.c: _mm256_load_si256(__m256i const *__p)
vaesenc-int.c: ^
vaesenc-int.c: vaesenc-int.c:983:16: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'crypto_aead_aes256gcmv1_dolbeau_vaesenc_int_constbranchindex_encrypt' that is compiled without support for 'ssse3'
vaesenc-int.c: __m128i Hv = _mm_shuffle_epi8(_mm_load_si128((const __m128i*)H), rev);
vaesenc-int.c: ^
vaesenc-int.c: vaesenc-int.c:988:18: error: '__builtin_ia32_inserti32x4_256' needs target feature avx512vl
vaesenc-int.c: __m256i H12v = _mm256_inserti32x4(_mm256_inserti32x4(_mm256_undefined_si256(), Hv, 1), H2v, 0);
vaesenc-int.c: ^
vaesenc-int.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/avx512vlintrin.h:7887:13: note: expanded from macro '_mm256_inserti32x4'
vaesenc-int.c: ((__m256i)__builtin_ia32_inserti32x4_256((__v8si)(__m256i)(A), \
vaesenc-int.c: ^
vaesenc-int.c: vaesenc-int.c:988:37: error: '__builtin_ia32_inserti32x4_256' needs target feature avx512vl
vaesenc-int.c: __m256i H12v = _mm256_inserti32x4(_mm256_inserti32x4(_mm256_undefined_si256(), Hv, 1), H2v, 0);
vaesenc-int.c: ^
vaesenc-int.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/avx512vlintrin.h:7887:13: note: expanded from macro '_mm256_inserti32x4'
vaesenc-int.c: ((__m256i)__builtin_ia32_inserti32x4_256((__v8si)(__m256i)(A), \
vaesenc-int.c: ^
vaesenc-int.c: vaesenc-int.c:988:56: error: always_inline function '_mm256_undefined_si256' requires target feature 'avx', but would be inlined into function 'crypto_aead_aes256gcmv1_dolbeau_vaesenc_int_constbranchindex_encrypt' that is compiled without support for 'avx'
vaesenc-int.c: __m256i H12v = _mm256_inserti32x4(_mm256_inserti32x4(_mm256_undefined_si256(), Hv, 1), H2v, 0);
vaesenc-int.c: ^
vaesenc-int.c: vaesenc-int.c:988:56: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
vaesenc-int.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	dolbeau/vaesenc-int

Compiler output

Implementation: dolbeau/vaesenc-int
Security model: constbranchindex
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

vaesenc-int.c: vaesenc-int.c:28: warning: "_bswap64" redefined
vaesenc-int.c: 28 | #define _bswap64(a) __builtin_bswap64(a)
vaesenc-int.c: |
vaesenc-int.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/x86gprintrin.h:33,
vaesenc-int.c: from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:27,
vaesenc-int.c: from vaesenc-int.c:11:
vaesenc-int.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/ia32intrin.h:273: note: this is the location of the previous definition
vaesenc-int.c: 273 | #define _bswap64(a) __bswapq(a)
vaesenc-int.c: |
vaesenc-int.c: vaesenc-int.c:29: warning: "_bswap" redefined
vaesenc-int.c: 29 | #define _bswap(a) __builtin_bswap32(a)
vaesenc-int.c: |
vaesenc-int.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/x86gprintrin.h:33,
vaesenc-int.c: from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:27,
vaesenc-int.c: from vaesenc-int.c:11:
vaesenc-int.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/ia32intrin.h:307: note: this is the location of the previous definition
vaesenc-int.c: 307 | #define _bswap(a) __bswapd(a)
vaesenc-int.c: |
vaesenc-int.c: vaesenc-int.c: In function 'aesni_encryptv2':
vaesenc-int.c: vaesenc-int.c:261:34: warning: passing argument 1 of '_mm256_load_si256' from incompatible pointer type [-Wincompatible-pointer-types]
vaesenc-int.c: 261 | __m256i nv = _mm256_load_si256((const __m128i *)n);
vaesenc-int.c: | ^~~~~~~~~~~~~~~~~~
vaesenc-int.c: | |
vaesenc-int.c: | const __m128i *
vaesenc-int.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:43,
vaesenc-int.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	dolbeau/vaesenc-int
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	dolbeau/vaesenc-int
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	dolbeau/vaesenc-int
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	dolbeau/vaesenc-int

Compiler output

Implementation: T:openssl
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

decrypt.c: decrypt.c:13:18: error: variable has incomplete type 'EVP_CIPHER_CTX' (aka 'struct evp_cipher_ctx_st')
decrypt.c: EVP_CIPHER_CTX x;
decrypt.c: ^
decrypt.c: /usr/include/openssl/types.h:102:16: note: forward declaration of 'struct evp_cipher_ctx_st'
decrypt.c: typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
decrypt.c: ^
decrypt.c: 1 error generated.

Number of similar (compiler,implementation) pairs: 5, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:openssl
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:openssl
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:openssl
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:openssl
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:openssl

Compiler output

Implementation: T:openssl
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

decrypt.c: decrypt.c: In function 'crypto_aead_aes256gcmv1_openssl_timingleaks_decrypt':
decrypt.c: decrypt.c:13:18: error: storage size of 'x' isn't known
decrypt.c: 13 | EVP_CIPHER_CTX x;
decrypt.c: | ^

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:openssl
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:openssl
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:openssl
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:openssl