- May 15, 2020
-
-
Kévin Le Gouguec authored
-
- Apr 28, 2020
-
-
Kévin Le Gouguec authored
Reported-by: Jawad Didouh <jawad.didouh@sophiaengineering.com>
-
Kévin Le Gouguec authored
Will be needed for a PACLIDO deliverable document.
-
Kévin Le Gouguec authored
-
Kévin Le Gouguec authored
-
Kévin Le Gouguec authored
-
Kévin Le Gouguec authored
I could not find an "implementors" file for ACORN in SUPERCOP, so I fell back to the "designers" file.
-
Kévin Le Gouguec authored
I forgot I started to add "comments" to some implementation.info files. Note to self: make sure to run felics-run over *all* ciphers when checking for regressions.
-
- Apr 27, 2020
-
-
Kévin Le Gouguec authored
kill -PIPE seems to make simulators and servers exit with an error code; those programs seem to handle SIGINT more gracefully. Couldn't test on nRF52840 nor STM32L053.
-
Kévin Le Gouguec authored
My machine has a "spinning rust" disk; cipher_ram.sh would consistently fail, the first time it was run, right after dropping caches (echo 3 > /proc/sys/vm/drop_caches). Instead of running "sleep 1" and hoping for the best, run GDB in the foreground. The -tty switch is needed to prevent a weird interaction with the timeout(1) command[1]. Another way to side-step the issue would be to give --foreground to timeout(1); however "in this mode, children of COMMAND will not be timed out". I don't know if that's a problem (empirically it seems not); I figure fixing this locally is better than risking side-effects.
[1]: https://notmuchmail.org/pipermail/notmuch/2019/028017.html
-
- Apr 23, 2020
-
-
Kévin Le Gouguec authored
I should have realized back in 30c5ae62 that this parameter was no longer necessary.
-
Kévin Le Gouguec authored
Commit dbc0d5e4 was the commit used to measure performance in PACLIDO's first report on software implementations. Tag it to make it easier to distinguish the work done for the second report.
-
Kévin Le Gouguec authored
-
Kévin Le Gouguec authored
-
Kévin Le Gouguec authored
-
- Apr 22, 2020
-
-
Kévin Le Gouguec authored
Discount decryption-specific functions for encryption. Decryption still needs the encryption function to process associated data. Lilliput-II simply does not use the TBC decryption function.
-
Kévin Le Gouguec authored
Allow exceptions (functions or variables) to be added to filenames in EncryptCode and DecryptCode, so that e.g. crypto_aead_encrypt and crypto_aead_decrypt can live in the same file without messing up the code size metric.
-
Kévin Le Gouguec authored
Also improve style here and there.
-
Kévin Le Gouguec authored
This is the least intrusive hack I could think of.
-
Kévin Le Gouguec authored
-
- Apr 21, 2020
-
-
Kévin Le Gouguec authored
-
Kévin Le Gouguec authored
Hopefully, this will make it easier to refine this metric by specifying symbols to exclude from the encryption/decryption tallies.
-
Kévin Le Gouguec authored
Don't bother with architecture-specific variants; the one from binutils seems to do the job just fine. Sneak a set -u in, and make sure felics-compare does not barf when some metrics are zero; sometimes I stick echo 0… > $output exit 0 at the top of long-running measurement scripts when I am not interested in their metrics.
-
Kévin Le Gouguec authored
The idea is to reduce boilerplate, while implementing something akin to gcc's -ffunction-sections and -fdata-sections flags.
-
- Apr 20, 2020
-
-
Kévin Le Gouguec authored
At this point, the outer 'case' serves no real purpose anymore.
-
Kévin Le Gouguec authored
Two obvious errors:
1. "case $constants_section in".
2. "if [ -f $gdb_stack_sections_log_file ]".
Error #1 is a refactoring accident from 887c4207; out of frustration, I slapped a "set -u" at the top of the script, which brought error #2 to light: things were "accidentally working" despite the variable being undefined because [ -f $unsetvar ] ≡ [ -f ] ≡ [ -n -f ] ≡
— test(1)
Refactor simulate() slightly to accommodate "set -u". Remove the roundabout check for the executable.
-
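The pitfall described in the two commit messages above (an unquoted, unset variable turning `[ -f $var ]` into the always-true one-argument test, and `set -u` surfacing it) is reproduced below. This is an added illustration, not a script from the FELICS-AE repository; the variable name `log_file` and the function names are made up for the demonstration.

```sh
#!/bin/sh
# Added example (not from the FELICS-AE repository): why `[ -f $unsetvar ]`
# succeeds when the variable is unset, and how quoting or `set -u` catches it.

# Unquoted: the empty expansion disappears from the argument list, leaving
# `[ -f ]`. With a single argument, test(1) only checks that the string is
# non-empty, and "-f" is non-empty, so the test succeeds.
unquoted_check() {
    unset log_file
    if [ -f $log_file ]; then echo passed; else echo failed; fi
}

# Quoted: `[ -f "" ]` really asks whether a file named "" exists, which it
# never does, so the branch is taken correctly.
quoted_check() {
    unset log_file
    if [ -f "$log_file" ]; then echo passed; else echo failed; fi
}

# With `set -u` (in a subshell, so the caller is unaffected), expanding an
# unset variable is a fatal error: the subshell exits non-zero and the
# broken test is reported instead of silently passing.
strict_check() {
    if ( set -u; unset log_file; [ -f $log_file ] ) 2>/dev/null; then
        echo passed
    else
        echo caught
    fi
}

unquoted_check   # prints "passed": the bug goes unnoticed
quoted_check     # prints "failed": the correct answer
strict_check     # prints "caught": set -u turns the bug into an error
```

Quoting every expansion is the portable fix; `set -u` is the safety net that finds the places you forgot, which is exactly how error #2 above came to light.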
Kévin Le Gouguec authored
-
Kévin Le Gouguec authored
-
Kévin Le Gouguec authored
There never was a 0.1.0, I don't know how I messed that up.
-
Kévin Le Gouguec authored
Long overdue.
-
Kévin Le Gouguec authored
-
- Apr 16, 2020
-
-
Kévin Le Gouguec authored
This will only work with GCC 8. For older versions of GCC, we'd need to push/pop a #pragma optimize("unroll-loops") around the loop, and we could not control the unrolling factor. Since the FELICS-AE container uses Ubuntu 18.04 where gcc ≡ gcc-7, this won't actually pay off for now, but from some quick testing the gains are not obvious anyway.
GCC 7 (no support for #pragma unroll) vs GCC 8 after this change:
AES-128-GCM (vaes-ni with -O3)
code_size: -8.75% (9176 → 8373)
code_ram: -15.38% (1144 → 968)
code_time: +5.22% (1380 → 1452)
AES-128-GCM (vaes-ni with -Os)
code_size: +20.75% (4240 → 5120)
code_ram: +17.78% (720 → 848)
code_time: -3.18% (1508 → 1460)
The metrics look sort of backward for -O3: I'd expect increased code size (because instructions are duplicated) and decreased execution time (because the loop logic goes away). I don't have an explanation.
-
Kévin Le Gouguec authored
Could also pass them as -m flags to gcc, but I figure it's better to keep algorithm-specific stuff away from compiler flags to avoid side-effects on other algorithms.
-
Kévin Le Gouguec authored
Probably not the most efficient split, since lots of code will be duplicated for encryption and decryption. This is just to have something working before iterating on it.
-
Kévin Le Gouguec authored
Not FELICS-compliant as-is.
-
Kévin Le Gouguec authored
Which is a much more satisfying fix than -mhwmult=none.
AES-128-GCM (vref with -Os)
code_time: -0.06% (20051549 → 20038829)
Take care of the pennies, as they say.
-
Kévin Le Gouguec authored
When compiling AES-128-GCM_vref with anything other than -O3 (-Os for example), gcc attempts to use __mspabi_mpyul_hw, the MSP430's hardware multiply, which seems to not work when simulated under mspdebug. Quoth man gcc:
> Hardware multiplies are normally performed by calling a library
> routine. This saves space in the generated code. When compiling at
> -O3 or higher however the hardware multiplier is invoked inline.
> This makes for bigger, but faster code.
Not sure this commit is the most elegant solution; it seems not to have any performance impact (negative or otherwise) on AES-GCM at -O3, nor on ACORN/Ascon/Lilliput-AE at -O3 and -Os. If I understand correctly, this commit will mainly result in subpar memory performance with -Os, since some instructions will be wasted re-implementing __mspabi_mpyul_hw.
-
- Apr 15, 2020
-
-
Kévin Le Gouguec authored
For as long as I've used FELICS, I've seen the program throw
> WARNING: Unknown command line parameter -USB found.
/opt/SEGGER/JLink_V670b/Doc/Manuals/UM08001_JLink.pdf says that "-USB" is a valid parameter for JLinkSWOViewer, JLinkSTR91x, JFlashSPI; with JLinkGDBServer it's probably "-select USB"? I'll just remove "-USB" and see if I get away with it, since it Works On My Machine™.
-
- Apr 14, 2020
-
-
Kévin Le Gouguec authored
- unsigned char → uint8_t
- unsigned long long → size_t
The latter is especially important on platforms where sizeof(size_t) < sizeof(unsigned long long), since 1. it makes no sense to use variables bigger than size_t as indices, 2. handling variables larger than size_t may degrade performance.
-
Kévin Le Gouguec authored
-