├── bench ├── config │ ├── .gitignore │ ├── version │ ├── bench │ ├── chacha20-openssl │ ├── poly1305-openssl │ ├── curve25519-openssl │ ├── keccak-evercrypt │ ├── keccak │ ├── keccak-openssl │ ├── curve25519 │ ├── keccak-openssl-no-asm │ ├── keccak-openssl-avx2 │ ├── jazz │ ├── poly1305 │ └── chacha20 ├── results │ ├── chacha20 │ │ ├── .gitignore │ │ ├── makefile │ │ ├── gnu │ │ │ ├── chacha20_libjc_xor_cycles_32_16384.gnu │ │ │ ├── chacha20_libjc_libsodium_static_xor_cycles_32_16384.gnu │ │ │ ├── chacha20_libjc_supercop_v2_xor_cycles_32_16384.gnu │ │ │ ├── chacha20_libjc_hacl_star_compcert_xor_cycles_32_16384.gnu │ │ │ ├── chacha20_libjc_openssl_static_no_asm_xor_cycles_32_16384.gnu │ │ │ ├── chacha20_libjc_libsodium_static_disable_asm_xor_cycles_32_16384.gnu │ │ │ ├── chacha20_libjc_libsodium_static_disable_asm_ccomp_xor_cycles_32_16384.gnu │ │ │ ├── chacha20_libjc_usuba_static_xor_cycles_32_16384.gnu │ │ │ ├── chacha20_libjc_hacl_star_gcc_xor_cycles_32_16384.gnu │ │ │ ├── chacha20_libjc_openssl_static_xor_cycles_32_16384.gnu │ │ │ └── chacha20_libjc_supercop_xor_cycles_32_16384.gnu │ │ └── README.md │ ├── poly1305 │ │ ├── .gitignore │ │ ├── makefile │ │ ├── gnu │ │ │ ├── poly1305_libjc_cycles_32_16384.gnu │ │ │ ├── poly1305_libjc_vale_cycles_32_16384.gnu │ │ │ ├── poly1305_libjc_hacl_star_gcc_cycles_32_16384.gnu │ │ │ ├── poly1305_libjc_libsodium_static_cycles_32_16384.gnu │ │ │ ├── poly1305_libjc_openssl_static_no_asm_cycles_32_16384.gnu │ │ │ ├── poly1305_libjc_libsodium_static_disable_asm_cycles_32_16384.gnu │ │ │ ├── poly1305_libjc_libsodium_static_disable_asm_ccomp_cycles_32_16384.gnu │ │ │ ├── poly1305_libjc_hacl_star_compcert_cycles_32_16384.gnu │ │ │ ├── poly1305_libjc_supercop_cycles_32_16384.gnu │ │ │ └── poly1305_libjc_openssl_static_cycles_32_16384.gnu │ │ └── README.md │ ├── curve25519 │ │ ├── README.md │ │ ├── csv │ │ │ └── curve25519_cycles_.csv │ │ ├── makefile │ │ └── gnu │ │ │ └── curve25519_cycles_.gnu │ └── keccak │ │ ├── makefile │ │ ├── 
gnu │ │ ├── shake256_libjc_cycles__128_16384.gnu │ │ ├── sha3224_evercrypt_cycles__128_16384.gnu │ │ ├── sha3256_evercrypt_cycles__128_16384.gnu │ │ ├── sha3384_evercrypt_cycles__128_16384.gnu │ │ ├── sha3512_evercrypt_cycles__128_16384.gnu │ │ ├── shake128_evercrypt_cycles__128_16384.gnu │ │ ├── shake256_evercrypt_cycles__128_16384.gnu │ │ ├── sha3224_openssl_cycles__128_16384.gnu │ │ ├── sha3256_openssl_cycles__128_16384.gnu │ │ ├── sha3384_openssl_cycles__128_16384.gnu │ │ ├── sha3512_openssl_cycles__128_16384.gnu │ │ ├── shake128_openssl_cycles__128_16384.gnu │ │ └── shake256_openssl_cycles__128_16384.gnu │ │ └── README.md ├── bindings │ ├── crypto_hash │ │ ├── sha3224 │ │ │ ├── jazz │ │ │ │ ├── api.h │ │ │ │ ├── impl.h │ │ │ │ └── sha3224_jazz.c │ │ │ └── evercrypt │ │ │ │ └── compact_gcc │ │ │ │ ├── api.h │ │ │ │ └── sha3224_evercrypt.c │ │ ├── sha3256 │ │ │ ├── jazz │ │ │ │ ├── api.h │ │ │ │ ├── impl.h │ │ │ │ └── sha3256_jazz.c │ │ │ └── evercrypt │ │ │ │ └── compact_gcc │ │ │ │ ├── api.h │ │ │ │ └── sha3256_evercrypt.c │ │ ├── sha3384 │ │ │ ├── jazz │ │ │ │ ├── api.h │ │ │ │ ├── impl.h │ │ │ │ └── sha3384_jazz.c │ │ │ └── evercrypt │ │ │ │ └── compact_gcc │ │ │ │ ├── api.h │ │ │ │ └── sha3384_evercrypt.c │ │ ├── sha3512 │ │ │ ├── jazz │ │ │ │ ├── api.h │ │ │ │ ├── impl.h │ │ │ │ └── sha3512_jazz.c │ │ │ └── evercrypt │ │ │ │ └── compact_gcc │ │ │ │ ├── api.h │ │ │ │ └── sha3512_evercrypt.c │ │ ├── shake128 │ │ │ ├── jazz │ │ │ │ ├── api.h │ │ │ │ ├── impl.h │ │ │ │ └── shake128_jazz.c │ │ │ └── evercrypt │ │ │ │ └── compact_gcc │ │ │ │ ├── api.h │ │ │ │ └── shake128_evercrypt.c │ │ └── shake256 │ │ │ ├── jazz │ │ │ ├── api.h │ │ │ ├── impl.h │ │ │ └── shake256_jazz.c │ │ │ └── evercrypt │ │ │ └── compact_gcc │ │ │ ├── api.h │ │ │ └── shake256_evercrypt.c │ ├── crypto_stream │ │ └── chacha20 │ │ │ ├── jazz │ │ │ ├── impl.h │ │ │ ├── api.h │ │ │ └── chacha20_jazz.c │ │ │ ├── hacl_star │ │ │ ├── ccomp │ │ │ │ ├── api.h │ │ │ │ └── chacha20_hacl_star.c │ │ │ 
├── gcc │ │ │ │ ├── api.h │ │ │ │ └── chacha20_hacl_star.c │ │ │ └── gcc_vec │ │ │ │ ├── api.h │ │ │ │ └── chacha20_hacl_star.c │ │ │ ├── libsodium │ │ │ ├── static │ │ │ │ ├── api.h │ │ │ │ └── chacha20_libsodium.c │ │ │ ├── static_disable_asm │ │ │ │ ├── api.h │ │ │ │ └── chacha20_libsodium.c │ │ │ └── static_disable_asm_ccomp │ │ │ │ ├── api.h │ │ │ │ └── chacha20_libsodium.c │ │ │ └── openssl │ │ │ ├── static │ │ │ ├── api.h │ │ │ └── chacha20_openssl.c │ │ │ └── static_no_asm │ │ │ ├── api.h │ │ │ └── chacha20_openssl.c │ ├── crypto_onetimeauth │ │ └── poly1305 │ │ │ ├── jazz │ │ │ ├── impl.h │ │ │ ├── api.h │ │ │ ├── verify_jazz.c │ │ │ └── auth_jazz.c │ │ │ ├── vale │ │ │ ├── api.h │ │ │ └── auth_verify.c │ │ │ ├── hacl_star │ │ │ ├── ccomp │ │ │ │ ├── api.h │ │ │ │ ├── auth_hacl_star.c │ │ │ │ └── verify_hacl_star.c │ │ │ └── gcc │ │ │ │ ├── api.h │ │ │ │ ├── auth_hacl_star.c │ │ │ │ └── verify_hacl_star.c │ │ │ ├── openssl │ │ │ ├── static │ │ │ │ ├── api.h │ │ │ │ ├── verify_openssl.c │ │ │ │ ├── auth_openssl.c │ │ │ │ ├── poly1305.h │ │ │ │ └── poly1305_local.h │ │ │ └── static_no_asm │ │ │ │ ├── api.h │ │ │ │ ├── verify_openssl.c │ │ │ │ ├── auth_openssl.c │ │ │ │ ├── poly1305.h │ │ │ │ └── poly1305_local.h │ │ │ └── libsodium │ │ │ ├── static │ │ │ ├── api.h │ │ │ ├── auth_libsodium.c │ │ │ └── verify_libsodium.c │ │ │ ├── static_disable_asm │ │ │ ├── api.h │ │ │ ├── auth_libsodium.c │ │ │ └── verify_libsodium.c │ │ │ └── static_disable_asm_ccomp │ │ │ ├── api.h │ │ │ ├── auth_libsodium.c │ │ │ └── verify_libsodium.c │ ├── crypto_core │ │ └── keccakf160064bits │ │ │ └── jazz │ │ │ ├── impl.h │ │ │ ├── api.h │ │ │ └── kecccakf1600_jazz.c │ └── crypto_scalarmult │ │ └── curve25519 │ │ ├── jazz │ │ ├── impl.h │ │ ├── mulx │ │ │ ├── impl.h │ │ │ └── api.h │ │ ├── api.h │ │ └── curve25519_jazz.c │ │ ├── fiat-crypto │ │ └── C64 │ │ │ ├── include.c │ │ │ ├── api.h │ │ │ ├── fesquare.h │ │ │ ├── freeze.h │ │ │ ├── femul.h │ │ │ ├── scalarmult_base.c │ │ │ ├── 
ladderstep.h │ │ │ └── u51.c │ │ ├── boringssl │ │ └── static │ │ │ ├── api.h │ │ │ └── curve25519_openssl.c │ │ ├── hacl_star │ │ ├── ccomp │ │ │ ├── api.h │ │ │ └── curve25519_hacl_star.c │ │ └── gcc │ │ │ ├── api.h │ │ │ └── curve25519_hacl_star.c │ │ ├── libsodium │ │ └── static │ │ │ ├── api.h │ │ │ └── curve25519_libsodium.c │ │ ├── openssl │ │ ├── static │ │ │ ├── api.h │ │ │ └── curve25519_openssl.c │ │ └── static_no_asm │ │ │ ├── api.h │ │ │ └── curve25519_openssl.c │ │ └── evercrypt │ │ └── compact_gcc │ │ ├── api.h │ │ └── curve25519_evercrypt.c ├── patch │ ├── 20180818 │ │ └── okcompilers │ │ │ ├── c-big │ │ │ ├── cpp-big │ │ │ ├── cpp │ │ │ └── c │ ├── 20190110 │ │ ├── okcompilers │ │ │ ├── c-big │ │ │ ├── cpp-big │ │ │ ├── c │ │ │ └── cpp │ │ ├── crypto_hash │ │ │ ├── sha3224 │ │ │ │ ├── checksumbig │ │ │ │ └── checksumsmall │ │ │ ├── sha3256 │ │ │ │ ├── checksumbig │ │ │ │ └── checksumsmall │ │ │ ├── sha3384 │ │ │ │ ├── checksumbig │ │ │ │ └── checksumsmall │ │ │ ├── sha3512 │ │ │ │ ├── checksumbig │ │ │ │ └── checksumsmall │ │ │ ├── shake128 │ │ │ │ ├── checksumbig │ │ │ │ └── checksumsmall │ │ │ └── measure.c │ │ └── crypto_scalarmult │ │ │ └── measure.c │ └── 20190910 │ │ ├── okcompilers │ │ ├── c-big │ │ ├── cpp-big │ │ ├── cpp │ │ └── c │ │ ├── crypto_hash │ │ ├── sha3224 │ │ │ ├── checksumbig │ │ │ └── checksumsmall │ │ ├── sha3256 │ │ │ ├── checksumbig │ │ │ └── checksumsmall │ │ ├── sha3384 │ │ │ ├── checksumbig │ │ │ └── checksumsmall │ │ ├── sha3512 │ │ │ ├── checksumbig │ │ │ └── checksumsmall │ │ ├── shake128 │ │ │ ├── checksumbig │ │ │ └── checksumsmall │ │ └── measure.c │ │ ├── remove │ │ └── crypto_scalarmult │ │ └── measure.c ├── third_party │ ├── kbench-fiat-crypto │ │ ├── amd64 │ │ │ └── api.h │ │ ├── donna32 │ │ │ └── api.h │ │ ├── donna64 │ │ │ └── api.h │ │ ├── fiat32 │ │ │ └── api.h │ │ ├── fiat64 │ │ │ └── api.h │ │ ├── fiat64d │ │ │ └── api.h │ │ ├── hacl64 │ │ │ └── api.h │ │ ├── jazz │ │ │ ├── api.h │ │ │ └── 
curve25519-jazz.c │ │ ├── sandy2x │ │ │ └── api.h │ │ ├── precomp_adcx │ │ │ └── api.h │ │ └── precomp_bmi2 │ │ │ └── api.h │ └── vale │ │ └── poly1305 │ │ ├── gcc_compat.h │ │ └── poly1305.h ├── .gitignore ├── scripts │ ├── usuba_copy │ ├── vale_copy │ ├── kremlib │ ├── rename_lib │ ├── openssl_shared │ ├── openssl_shared_no_asm │ ├── hacl_star_ccomp │ ├── openssl_static │ ├── openssl_static_no_asm │ ├── libsodium_static │ ├── libsodium_static_disable_asm │ ├── openssl_shared_keccak_avx2 │ ├── evercrypt_compact_gcc │ ├── libsodium_static_disable_asm_ccomp │ ├── hacl_star_gcc │ └── boringssl_static ├── setup1 ├── bench ├── plot ├── plot-fixed ├── curve25519 ├── poly1305 ├── keccak ├── chacha20 └── setup2 ├── proof ├── crypto_hash │ └── keccak1600 │ │ ├── .gitkeep │ │ ├── Makefile │ │ ├── .dir-locals.el │ │ ├── Sponge1600.ec │ │ └── Indifferentiability.eca ├── crypto_scalarmult │ └── curve25519 │ │ └── .gitkeep ├── crypto_core │ └── keccakf160064bits │ │ ├── .gitkeep │ │ ├── .gitignore │ │ ├── Array2p.ec │ │ ├── Array4p.ec │ │ ├── Array96p.ec │ │ ├── Makefile │ │ ├── WArray128p.ec │ │ ├── WArray160p.ec │ │ └── Keccakf1600_pref_op.ec ├── crypto_stream │ └── chacha20 │ │ ├── ChaCha20_savx_CT_proof.ec │ │ ├── ChaCha20_sref_CT_proof.ec │ │ ├── ChaCha20_savx2_CT_proof.ec │ │ └── README.txt ├── crypto_onetimeauth │ └── poly1305 │ │ └── Poly1305_savx2_CT_proof.ec ├── .gitignore └── tests.config ├── src ├── .gitignore ├── crypto_core │ └── keccakf160064bits │ │ ├── avx2 │ │ ├── keccakf1600-m.c │ │ ├── Makefile │ │ ├── keccakf1600.jahh │ │ └── keccakf1600_export.jazz │ │ ├── avx2_openssl │ │ ├── keccakf1600-m.c │ │ ├── Makefile │ │ └── keccakf1600_export.jazz │ │ ├── ref │ │ ├── Makefile │ │ └── keccakf1600_export.jazz │ │ ├── scalar │ │ ├── Makefile │ │ ├── keccakf1600_export.jazz │ │ └── keccakf1600.jahh │ │ └── scalar_g │ │ ├── Makefile │ │ ├── keccakf1600_export.jazz │ │ └── keccakf1600.jahh ├── crypto_hash │ ├── shake256 │ │ ├── ref │ │ │ ├── shake256.jazz │ │ │ ├── 
Makefile │ │ │ └── shake256-m.c │ │ ├── scalar │ │ │ ├── shake256.jazz │ │ │ ├── Makefile │ │ │ └── shake256-m.c │ │ ├── scalar_g │ │ │ ├── shake256.jazz │ │ │ ├── Makefile │ │ │ └── shake256-m.c │ │ └── avx2 │ │ │ ├── Makefile │ │ │ └── shake256.jazz │ ├── sha3224 │ │ ├── scalar │ │ │ ├── sha3224.jazz │ │ │ ├── Makefile │ │ │ └── sha3224-m.c │ │ └── avx2 │ │ │ ├── Makefile │ │ │ └── sha3224.jazz │ ├── sha3256 │ │ ├── scalar │ │ │ ├── sha3256.jazz │ │ │ ├── Makefile │ │ │ └── sha3256-m.c │ │ └── avx2 │ │ │ ├── Makefile │ │ │ └── sha3256.jazz │ ├── sha3384 │ │ ├── scalar │ │ │ ├── sha3384.jazz │ │ │ ├── Makefile │ │ │ └── sha3384-m.c │ │ └── avx2 │ │ │ ├── Makefile │ │ │ └── sha3384.jazz │ ├── sha3512 │ │ ├── scalar │ │ │ ├── sha3512.jazz │ │ │ ├── Makefile │ │ │ └── sha3512-m.c │ │ └── avx2 │ │ │ ├── Makefile │ │ │ └── sha3512.jazz │ ├── shake128 │ │ ├── scalar │ │ │ ├── shake128.jazz │ │ │ ├── Makefile │ │ │ └── shake128-m.c │ │ └── avx2 │ │ │ ├── Makefile │ │ │ └── shake128.jazz │ └── keccak1600 │ │ ├── ref │ │ └── Makefile │ │ ├── scalar │ │ └── Makefile │ │ ├── avx2 │ │ └── Makefile │ │ └── scalar_g │ │ └── Makefile ├── crypto_scalarmult │ └── curve25519 │ │ ├── ref4 │ │ └── Makefile │ │ └── mulx │ │ ├── Makefile │ │ ├── x25519_scalarmult_export.jazz │ │ ├── x25519_tobytes.jazz │ │ ├── x25519_mul_a24.jazz │ │ ├── x25519_add.jazz │ │ ├── x25519_sub.jazz │ │ └── x25519_invert.jazz ├── crypto_stream │ └── chacha20 │ │ ├── avx │ │ └── Makefile │ │ ├── avx2 │ │ └── Makefile │ │ └── ref │ │ └── Makefile ├── crypto_onetimeauth │ └── poly1305 │ │ ├── avx │ │ └── Makefile │ │ ├── avx2 │ │ └── Makefile │ │ └── ref3 │ │ ├── Makefile │ │ └── poly1305_export.jazz ├── Makefile.common └── Makefile ├── .gitignore ├── env ├── easycrypt.conf └── third_party │ ├── compcert │ └── compcert_v3.6.nix │ └── .emacs ├── Makefile ├── README.md └── .gitmodules /bench/config/.gitignore: -------------------------------------------------------------------------------- 1 | work 2 | 
-------------------------------------------------------------------------------- /bench/config/version: -------------------------------------------------------------------------------- 1 | 20190910 2 | -------------------------------------------------------------------------------- /proof/crypto_hash/keccak1600/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /bench/results/chacha20/.gitignore: -------------------------------------------------------------------------------- 1 | pdf/ 2 | -------------------------------------------------------------------------------- /bench/results/poly1305/.gitignore: -------------------------------------------------------------------------------- 1 | pdf/ 2 | -------------------------------------------------------------------------------- /proof/crypto_scalarmult/curve25519/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /proof/crypto_core/keccakf160064bits/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/.gitignore: -------------------------------------------------------------------------------- 1 | _build/ 2 | *.japp 3 | *.s 4 | *.a 5 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.a 2 | .vagrant 3 | *.log 4 | libjc.tar.gz 5 | -------------------------------------------------------------------------------- /bench/config/bench: -------------------------------------------------------------------------------- 1 | crypto_scalarmult curve25519 jazz/mulx 2 | 
-------------------------------------------------------------------------------- /src/crypto_core/keccakf160064bits/avx2/keccakf1600-m.c: -------------------------------------------------------------------------------- 1 | //TODO 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3224/jazz/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 28 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3256/jazz/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3384/jazz/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 48 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3512/jazz/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 64 2 | -------------------------------------------------------------------------------- /bench/config/chacha20-openssl: -------------------------------------------------------------------------------- 1 | crypto_stream chacha20 openssl/static 2 | -------------------------------------------------------------------------------- /src/crypto_core/keccakf160064bits/avx2_openssl/keccakf1600-m.c: -------------------------------------------------------------------------------- 1 | //TODO 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/shake128/jazz/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 168 2 | 
-------------------------------------------------------------------------------- /bench/bindings/crypto_hash/shake256/jazz/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 136 2 | -------------------------------------------------------------------------------- /bench/config/poly1305-openssl: -------------------------------------------------------------------------------- 1 | crypto_onetimeauth poly1305 openssl/static 2 | -------------------------------------------------------------------------------- /bench/patch/20180818/okcompilers/c-big: -------------------------------------------------------------------------------- 1 | gcc -m64 -O3 -fomit-frame-pointer 2 | -------------------------------------------------------------------------------- /bench/patch/20180818/okcompilers/cpp-big: -------------------------------------------------------------------------------- 1 | g++ -m64 -O3 -fomit-frame-pointer 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/okcompilers/c-big: -------------------------------------------------------------------------------- 1 | gcc -m64 -O3 -fomit-frame-pointer 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/okcompilers/cpp-big: -------------------------------------------------------------------------------- 1 | g++ -m64 -O3 -fomit-frame-pointer 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/okcompilers/c-big: -------------------------------------------------------------------------------- 1 | gcc -m64 -O3 -fomit-frame-pointer 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/okcompilers/cpp-big: -------------------------------------------------------------------------------- 1 | g++ -m64 -O3 -fomit-frame-pointer 2 | 
-------------------------------------------------------------------------------- /bench/config/curve25519-openssl: -------------------------------------------------------------------------------- 1 | crypto_scalarmult curve25519 openssl/static 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3224/jazz/impl.h: -------------------------------------------------------------------------------- 1 | #define sha3224_impl sha3224_IMPL 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3256/jazz/impl.h: -------------------------------------------------------------------------------- 1 | #define sha3256_impl sha3256_IMPL 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3384/jazz/impl.h: -------------------------------------------------------------------------------- 1 | #define sha3384_impl sha3384_IMPL 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3512/jazz/impl.h: -------------------------------------------------------------------------------- 1 | #define sha3512_impl sha3512_IMPL 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/shake128/jazz/impl.h: -------------------------------------------------------------------------------- 1 | #define shake128_impl shake128_IMPL 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/shake256/jazz/impl.h: -------------------------------------------------------------------------------- 1 | #define shake256_impl shake256_IMPL 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3224/evercrypt/compact_gcc/api.h: -------------------------------------------------------------------------------- 
1 | #define CRYPTO_BYTES 28 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3256/evercrypt/compact_gcc/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3384/evercrypt/compact_gcc/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 48 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3512/evercrypt/compact_gcc/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 64 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/shake128/evercrypt/compact_gcc/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 168 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/shake256/evercrypt/compact_gcc/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 136 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/jazz/impl.h: -------------------------------------------------------------------------------- 1 | #define chacha20_impl chacha20_IMPL 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/jazz/impl.h: -------------------------------------------------------------------------------- 1 | #define poly1305_impl poly1305_IMPL 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_core/keccakf160064bits/jazz/impl.h: 
-------------------------------------------------------------------------------- 1 | #define keccakf1600_impl keccakf1600_IMPL 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/jazz/impl.h: -------------------------------------------------------------------------------- 1 | #define curve25519_impl curve25519_IMPL 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/okcompilers/c: -------------------------------------------------------------------------------- 1 | gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv 2 | -------------------------------------------------------------------------------- /src/crypto_hash/shake256/ref/shake256.jazz: -------------------------------------------------------------------------------- 1 | #include "crypto_hash/keccak1600/ref/keccak1600.jazz" 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/fiat-crypto/C64/include.c: -------------------------------------------------------------------------------- 1 | #include "crypto_scalarmult.h" 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/jazz/mulx/impl.h: -------------------------------------------------------------------------------- 1 | #define curve25519_impl curve25519_IMPL 2 | -------------------------------------------------------------------------------- /bench/patch/20180818/okcompilers/cpp: -------------------------------------------------------------------------------- 1 | g++ -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/okcompilers/cpp: -------------------------------------------------------------------------------- 1 | g++ -march=native -mtune=native 
-O3 -fomit-frame-pointer -fwrapv 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/okcompilers/cpp: -------------------------------------------------------------------------------- 1 | g++ -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv 2 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3224/scalar/sha3224.jazz: -------------------------------------------------------------------------------- 1 | #include "crypto_hash/keccak1600/scalar/keccak1600.jazz" 2 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3256/scalar/sha3256.jazz: -------------------------------------------------------------------------------- 1 | #include "crypto_hash/keccak1600/scalar/keccak1600.jazz" 2 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3384/scalar/sha3384.jazz: -------------------------------------------------------------------------------- 1 | #include "crypto_hash/keccak1600/scalar/keccak1600.jazz" 2 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3512/scalar/sha3512.jazz: -------------------------------------------------------------------------------- 1 | #include "crypto_hash/keccak1600/scalar/keccak1600.jazz" 2 | -------------------------------------------------------------------------------- /src/crypto_hash/shake128/scalar/shake128.jazz: -------------------------------------------------------------------------------- 1 | #include "crypto_hash/keccak1600/scalar/keccak1600.jazz" 2 | -------------------------------------------------------------------------------- /src/crypto_hash/shake256/scalar/shake256.jazz: -------------------------------------------------------------------------------- 1 | #include "crypto_hash/keccak1600/scalar/keccak1600.jazz" 2 | 
-------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/jazz/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 16 2 | #define CRYPTO_KEYBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/vale/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 16 2 | #define CRYPTO_KEYBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/jazz/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /bench/patch/20190910/okcompilers/c: -------------------------------------------------------------------------------- 1 | gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -no-pie 2 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/amd64/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/donna32/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/donna64/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | 
-------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/fiat32/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/fiat64/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/fiat64d/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/hacl64/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/jazz/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/sandy2x/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /env/easycrypt.conf: -------------------------------------------------------------------------------- 1 | [general] 2 | idirs = Jasmin:/home/vagrant/workspace/libjc/env/third_party/jasmin/eclib 3 | 
-------------------------------------------------------------------------------- /src/crypto_hash/shake256/scalar_g/shake256.jazz: -------------------------------------------------------------------------------- 1 | #include "crypto_hash/keccak1600/scalar_g/keccak1600.jazz" 2 | -------------------------------------------------------------------------------- /bench/.gitignore: -------------------------------------------------------------------------------- 1 | supercop-* 2 | data/ 3 | third_party_static_libs/ 4 | third_party_shared_libs/ 5 | config/bench 6 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/jazz/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/patch/20180818/okcompilers/c: -------------------------------------------------------------------------------- 1 | gcc -static -Ofast -march=native -mtune=native -fomit-frame-pointer -fwrapv 2 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/precomp_adcx/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/precomp_bmi2/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/hacl_star/ccomp/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 16 2 | #define CRYPTO_KEYBYTES 32 3 | 
-------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/hacl_star/gcc/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 16 2 | #define CRYPTO_KEYBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/openssl/static/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 16 2 | #define CRYPTO_KEYBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/jazz/mulx/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/hacl_star/ccomp/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/hacl_star/gcc/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/libsodium/static/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/openssl/static/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 
| #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/sha3224/checksumbig: -------------------------------------------------------------------------------- 1 | 308ede006235c1f6336c4041335bfb3b97d4d4367100b3f869b99bc8d0925965 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/sha3224/checksumsmall: -------------------------------------------------------------------------------- 1 | 6f17d2131ba2f0c5930fec6fe1b36cf70f54dd6305b84dad280a06fefa0f9f67 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/sha3256/checksumbig: -------------------------------------------------------------------------------- 1 | 86f524b63449ca0d5c29e58e7bc22c279187af259f83d6eecfb51db5c8d511e9 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/sha3256/checksumsmall: -------------------------------------------------------------------------------- 1 | ebbed3a47232047ad399cb77b6324d6c902f4715de871750545b1a3b12046ebe 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/sha3384/checksumbig: -------------------------------------------------------------------------------- 1 | 11d1cf5daaf24ba92b678859ac629c9791bcc51eced61da1e1616f76cce5229e 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/sha3384/checksumsmall: -------------------------------------------------------------------------------- 1 | ead52bf6e6bb65653ce3fe2e1850f8228a6af202392ebd32df5fd94c4c53cbf8 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/sha3512/checksumbig: -------------------------------------------------------------------------------- 1 
| f42dc6f0c1663981a0f059bf08ed1c7d5baf7e461125482ed14bf3aa2ba4d94d 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/sha3512/checksumsmall: -------------------------------------------------------------------------------- 1 | a2ad202e4c91b2b22a059308182b692a08c63ab839c2c0dbdc6e31fe1a9c14f4 2 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/shake128/checksumbig: -------------------------------------------------------------------------------- 1 | 17a6602e7d97a9d90b89d652bb00d8fe3484c8c7a9dcc5f895087c1b66d745a7 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/sha3224/checksumbig: -------------------------------------------------------------------------------- 1 | 308ede006235c1f6336c4041335bfb3b97d4d4367100b3f869b99bc8d0925965 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/sha3224/checksumsmall: -------------------------------------------------------------------------------- 1 | 6f17d2131ba2f0c5930fec6fe1b36cf70f54dd6305b84dad280a06fefa0f9f67 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/sha3256/checksumbig: -------------------------------------------------------------------------------- 1 | 86f524b63449ca0d5c29e58e7bc22c279187af259f83d6eecfb51db5c8d511e9 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/sha3256/checksumsmall: -------------------------------------------------------------------------------- 1 | ebbed3a47232047ad399cb77b6324d6c902f4715de871750545b1a3b12046ebe 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/sha3384/checksumbig: 
-------------------------------------------------------------------------------- 1 | 11d1cf5daaf24ba92b678859ac629c9791bcc51eced61da1e1616f76cce5229e 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/sha3384/checksumsmall: -------------------------------------------------------------------------------- 1 | ead52bf6e6bb65653ce3fe2e1850f8228a6af202392ebd32df5fd94c4c53cbf8 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/sha3512/checksumbig: -------------------------------------------------------------------------------- 1 | f42dc6f0c1663981a0f059bf08ed1c7d5baf7e461125482ed14bf3aa2ba4d94d 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/sha3512/checksumsmall: -------------------------------------------------------------------------------- 1 | a2ad202e4c91b2b22a059308182b692a08c63ab839c2c0dbdc6e31fe1a9c14f4 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/shake128/checksumbig: -------------------------------------------------------------------------------- 1 | 17a6602e7d97a9d90b89d652bb00d8fe3484c8c7a9dcc5f895087c1b66d745a7 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/libsodium/static/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 16 2 | #define CRYPTO_KEYBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/boringssl/static/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- 
/bench/bindings/crypto_scalarmult/curve25519/fiat-crypto/C64/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/hacl_star/ccomp/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/hacl_star/gcc/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/libsodium/static/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/openssl/static/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/hacl_star/gcc_vec/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/openssl/static_no_asm/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | 
-------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/shake128/checksumsmall: -------------------------------------------------------------------------------- 1 | 59aaf3f0d67fd33c1f868a8536a3030035732028885b5018b99dd5d00a400ee8 2 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/shake128/checksumsmall: -------------------------------------------------------------------------------- 1 | 59aaf3f0d67fd33c1f868a8536a3030035732028885b5018b99dd5d00a400ee8 2 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/openssl/static_no_asm/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 16 2 | #define CRYPTO_KEYBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/evercrypt/compact_gcc/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/openssl/static_no_asm/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 32 2 | #define CRYPTO_SCALARBYTES 32 3 | -------------------------------------------------------------------------------- /proof/crypto_core/keccakf160064bits/.gitignore: -------------------------------------------------------------------------------- 1 | !Array2p.ec 2 | !Array4p.ec 3 | !Array96p.ec 4 | !WArray128p.ec 5 | !WArray160p.ec 6 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/libsodium/static_disable_asm/api.h: 
-------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 16 2 | #define CRYPTO_KEYBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/libsodium/static_disable_asm/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/libsodium/static_disable_asm_ccomp/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_BYTES 16 2 | #define CRYPTO_KEYBYTES 32 3 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/libsodium/static_disable_asm_ccomp/api.h: -------------------------------------------------------------------------------- 1 | #define CRYPTO_KEYBYTES 32 2 | #define CRYPTO_NONCEBYTES 8 3 | -------------------------------------------------------------------------------- /src/crypto_scalarmult/curve25519/ref4/Makefile: -------------------------------------------------------------------------------- 1 | default: curve25519.japp curve25519.s 2 | @true 3 | 4 | include ../../../Makefile.common 5 | -------------------------------------------------------------------------------- /src/crypto_stream/chacha20/avx/Makefile: -------------------------------------------------------------------------------- 1 | 2 | default: chacha20.japp chacha20.s 3 | @true 4 | 5 | include ../../../Makefile.common 6 | 7 | -------------------------------------------------------------------------------- /src/crypto_stream/chacha20/avx2/Makefile: -------------------------------------------------------------------------------- 1 | 2 | default: chacha20.japp chacha20.s 3 | @true 4 | 5 | include ../../../Makefile.common 6 | 7 | 
-------------------------------------------------------------------------------- /src/crypto_stream/chacha20/ref/Makefile: -------------------------------------------------------------------------------- 1 | 2 | default: chacha20.japp chacha20.s 3 | @true 4 | 5 | include ../../../Makefile.common 6 | 7 | -------------------------------------------------------------------------------- /proof/crypto_core/keccakf160064bits/Array2p.ec: -------------------------------------------------------------------------------- 1 | from Jasmin require import JArray. 2 | 3 | clone export PolyArray as Array2 with op size <- 2. 4 | -------------------------------------------------------------------------------- /proof/crypto_core/keccakf160064bits/Array4p.ec: -------------------------------------------------------------------------------- 1 | from Jasmin require import JArray. 2 | 3 | clone export PolyArray as Array4 with op size <- 4. 4 | -------------------------------------------------------------------------------- /src/crypto_hash/keccak1600/ref/Makefile: -------------------------------------------------------------------------------- 1 | 2 | default: keccak1600.japp keccak1600.s 3 | @true 4 | 5 | include ../../../Makefile.common 6 | 7 | -------------------------------------------------------------------------------- /src/crypto_hash/keccak1600/scalar/Makefile: -------------------------------------------------------------------------------- 1 | 2 | default: keccak1600.japp keccak1600.s 3 | @true 4 | 5 | include ../../../Makefile.common 6 | 7 | -------------------------------------------------------------------------------- /src/crypto_onetimeauth/poly1305/avx/Makefile: -------------------------------------------------------------------------------- 1 | 2 | default: poly1305.japp poly1305.s 3 | @true 4 | 5 | include ../../../Makefile.common 6 | 7 | -------------------------------------------------------------------------------- /src/crypto_onetimeauth/poly1305/avx2/Makefile: 
-------------------------------------------------------------------------------- 1 | 2 | default: poly1305.japp poly1305.s 3 | @true 4 | 5 | include ../../../Makefile.common 6 | 7 | -------------------------------------------------------------------------------- /proof/crypto_core/keccakf160064bits/Array96p.ec: -------------------------------------------------------------------------------- 1 | from Jasmin require import JArray. 2 | 3 | clone export PolyArray as Array96 with op size <- 96. 4 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3224/scalar/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | default: sha3224.japp sha3224.s 4 | @true 5 | 6 | include ../../../Makefile.common 7 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3384/avx2/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | default: sha3384.japp sha3384.s 4 | @true 5 | 6 | include ../../../Makefile.common 7 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3384/scalar/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | default: sha3384.japp sha3384.s 4 | @true 5 | 6 | include ../../../Makefile.common 7 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3512/avx2/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | default: sha3512.japp sha3512.s 4 | @true 5 | 6 | include ../../../Makefile.common 7 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3512/scalar/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | 
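default: sha3512.japp sha3512.s
4 | 	@true
5 |
6 | include ../../../Makefile.common
7 |
--------------------------------------------------------------------------------
/src/crypto_hash/shake128/avx2/Makefile:
--------------------------------------------------------------------------------
1 | JFLAGS:= -lea
2 |
3 | default: shake128.japp shake128.s
4 | 	@true
5 |
6 | include ../../../Makefile.common
7 |
--------------------------------------------------------------------------------
/src/crypto_hash/shake256/ref/Makefile:
--------------------------------------------------------------------------------
1 | JFLAGS:= -lea
2 |
3 | default: shake256.japp shake256.s
4 | 	@true
5 |
6 | include ../../../Makefile.common
7 |
--------------------------------------------------------------------------------
/proof/crypto_core/keccakf160064bits/Makefile:
--------------------------------------------------------------------------------
1 | # Check every EasyCrypt file in this directory with the Z3 and Alt-Ergo provers.
2 | # A shell `for` loop returns the status of its last command only, so a failure on
3 | # any file but the last would go unnoticed; failures are accumulated in rc and the
4 | # target fails if any file did not check.
5 | # NOTE(review): assumes easycrypt exits non-zero when a file fails to check.
6 | .PHONY: check
7 | check:
8 | 	rc=0; for i in *.ec; do echo "$$i"; easycrypt -timeout 30 -max-provers 2 -p Z3 -p Alt-Ergo "$$i" || rc=1; done; exit $$rc
9 |
--------------------------------------------------------------------------------
/proof/crypto_core/keccakf160064bits/WArray128p.ec:
--------------------------------------------------------------------------------
1 | from Jasmin require import JWord_array.
2 |
3 | clone export WArray as WArray128 with op size <- 128.
4 |
--------------------------------------------------------------------------------
/proof/crypto_core/keccakf160064bits/WArray160p.ec:
--------------------------------------------------------------------------------
1 | from Jasmin require import JWord_array.
2 |
3 | clone export WArray as WArray160 with op size <- 160.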
4 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3224/avx2/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | default: sha3224.japp sha3224.s 4 | @true 5 | 6 | include ../../../Makefile.common 7 | 8 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3256/avx2/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | default: sha3256.japp sha3256.s 4 | @true 5 | 6 | include ../../../Makefile.common 7 | 8 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3256/scalar/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | default: sha3256.japp sha3256.s 4 | @true 5 | 6 | include ../../../Makefile.common 7 | 8 | -------------------------------------------------------------------------------- /src/crypto_hash/shake128/scalar/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | default: shake128.japp shake128.s 4 | @true 5 | 6 | include ../../../Makefile.common 7 | -------------------------------------------------------------------------------- /src/crypto_hash/shake256/scalar/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | default: shake256.japp shake256.s 4 | @true 5 | 6 | include ../../../Makefile.common 7 | -------------------------------------------------------------------------------- /src/crypto_hash/keccak1600/avx2/Makefile: -------------------------------------------------------------------------------- 1 | JFLAGS:= -lea 2 | 3 | default: keccak1600.japp keccak1600.s 4 | @true 5 | 6 | include ../../../Makefile.common 7 | 8 | 
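--------------------------------------------------------------------------------
/src/crypto_onetimeauth/poly1305/ref3/Makefile:
--------------------------------------------------------------------------------
1 |
2 | default: poly1305_export.japp poly1305_export.s
3 | 	@true
4 |
5 | include ../../../Makefile.common
6 |
7 |
--------------------------------------------------------------------------------
/bench/bindings/crypto_core/keccakf160064bits/jazz/api.h:
--------------------------------------------------------------------------------
1 | #define CRYPTO_OUTPUTBYTES 200
2 | #define CRYPTO_INPUTBYTES 200
3 | #define CRYPTO_KEYBYTES 0
4 | #define CRYPTO_CONSTBYTES 0
5 |
--------------------------------------------------------------------------------
/src/crypto_core/keccakf160064bits/avx2/Makefile:
--------------------------------------------------------------------------------
1 | JFLAGS:= -lea
2 |
3 | default: keccakf1600_export.japp keccakf1600_export.s
4 | 	@true
5 |
6 | include ../../../Makefile.common
7 |
8 |
--------------------------------------------------------------------------------
/src/crypto_core/keccakf160064bits/ref/Makefile:
--------------------------------------------------------------------------------
1 | JFLAGS:= -lea
2 |
3 | default: keccakf1600_export.japp keccakf1600_export.s
4 | 	@true
5 |
6 | include ../../../Makefile.common
7 |
8 |
--------------------------------------------------------------------------------
/src/crypto_core/keccakf160064bits/scalar/Makefile:
--------------------------------------------------------------------------------
1 | JFLAGS:= -lea
2 |
3 | default: keccakf1600_export.japp keccakf1600_export.s
4 | 	@true
5 |
6 | include ../../../Makefile.common
7 |
8 |
--------------------------------------------------------------------------------
/proof/crypto_hash/keccak1600/Makefile:
--------------------------------------------------------------------------------
1 | # Check every EasyCrypt file in this directory with the Z3 and Alt-Ergo provers,
2 | # with ../../crypto_core/keccakf160064bits/ added to the include path (-I).
3 | # A shell `for` loop returns the status of its last command only, so a failure on
4 | # any file but the last would go unnoticed; failures are accumulated in rc and the
5 | # target fails if any file did not check.
6 | # NOTE(review): assumes easycrypt exits non-zero when a file fails to check.
7 | .PHONY: check
8 | check:
9 | 	rc=0; for i in *.ec; do echo "$$i"; easycrypt -timeout 30 -max-provers 2 -p Z3 -p Alt-Ergo -I ../../crypto_core/keccakf160064bits/ "$$i" || rc=1; done; exit $$rc
10 |
--------------------------------------------------------------------------------
/src/crypto_hash/shake256/scalar_g/Makefile:
--------------------------------------------------------------------------------
1 | JFLAGS:= -lea
2 | JASMINC:= jasminc-glob-array
3 |
4 | default: shake256.japp shake256.s
5 | 	@true
6 |
7 | include ../../../Makefile.common
8 |
--------------------------------------------------------------------------------
/src/crypto_scalarmult/curve25519/mulx/Makefile:
--------------------------------------------------------------------------------
1 | JFLAGS:= -lea
2 |
3 | default: x25519_scalarmult_export.japp x25519_scalarmult_export.s
4 | 	@true
5 |
6 | include ../../../Makefile.common
7 |
--------------------------------------------------------------------------------
/src/crypto_core/keccakf160064bits/avx2_openssl/Makefile:
--------------------------------------------------------------------------------
1 | JFLAGS:= -lea
2 |
3 | default: keccakf1600_export.japp keccakf1600_export.s
4 | 	@true
5 |
6 | include ../../../Makefile.common
7 |
8 |
--------------------------------------------------------------------------------
/src/crypto_hash/keccak1600/scalar_g/Makefile:
--------------------------------------------------------------------------------
1 | JFLAGS:= -lea
2 | JASMINC ?= jasminc-glob-array
3 |
4 | default: keccak1600.japp keccak1600.s
5 | 	@true
6 |
7 | include ../../../Makefile.common
8 |
9 |
--------------------------------------------------------------------------------
/src/crypto_hash/shake256/avx2/Makefile:
--------------------------------------------------------------------------------
1 | #GFLAGS:= -DKECCAK_1600_SPECIFIC_IMPLEMENTATIONS
2 | JFLAGS:= -lea
3 |
4 | default: shake256.japp shake256.s
5 | 	@true
6 |
7 | include ../../../Makefile.common
8 |
--------------------------------------------------------------------------------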
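/bench/scripts/usuba_copy:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Copy every "usuba*" entry found under <dir> into the ChaCha20 directory of the
3 | # SUPERCOP tree under <root>.
4 | # usage: usuba_copy <dir> <root>
5 |
6 | dir="${1:?usage: usuba_copy <dir> <root>}"
7 | root="${2:?usage: usuba_copy <dir> <root>}"
8 | # The SUPERCOP version string is read from <root>/config/version.
9 | supercop="$root/supercop-$(cat "$root/config/version")"
10 |
11 | # Paths are quoted so that spaces or glob characters in them are not word-split
12 | # or expanded by the shell before find/cp see them.
13 | find "$dir" -name "usuba*" -exec cp -r {} "$supercop/crypto_stream/chacha20/" \;
14 |
--------------------------------------------------------------------------------
/env/third_party/compcert/compcert_v3.6.nix:
--------------------------------------------------------------------------------
1 | # Environment providing Coq and ssreflect from the Coq 8.9 package set
2 | # (presumably entered with nix-shell to build CompCert 3.6; no src is declared here).
3 | # NOTE(review): <nixpkgs> is resolved through NIX_PATH, so the toolchain depends on
4 | # the host channel; pinning nixpkgs to a fixed revision would make it reproducible.
5 | with import <nixpkgs> {};
6 |
7 | stdenv.mkDerivation {
8 |   name = "ccomp-v3.6";
9 |   buildInputs = []
10 |     ++ (with coqPackages_8_9; [ coq ssreflect ])
11 |   ;
12 | }
13 |
--------------------------------------------------------------------------------
/bench/results/curve25519/README.md:
--------------------------------------------------------------------------------
1 | # Overview
2 | crypto_scalarmult cycles
3 |
4 | #
5 | ![Curve25519 Benchmarks](https://github.com/tfaoliveira/libjc/blob/master/bench/results/curve25519/svg/curve25519_cycles.svg)
6 |
7 |
--------------------------------------------------------------------------------
/src/crypto_core/keccakf160064bits/scalar_g/Makefile:
--------------------------------------------------------------------------------
1 | JFLAGS:= -lea
2 | JASMINC ?= jasminc-glob-array
3 |
4 | default: keccakf1600_export.japp keccakf1600_export.s
5 | 	@true
6 |
7 | include ../../../Makefile.common
8 |
9 |
--------------------------------------------------------------------------------
/src/crypto_onetimeauth/poly1305/ref3/poly1305_export.jazz:
--------------------------------------------------------------------------------
1 | #include "poly1305.jazz"
2 |
3 | export fn poly1305_ref3(reg u64 out, reg u64 in, reg u64 inlen, reg u64 k)
4 | {
5 |   poly1305_ref3_local(out, in, inlen, k);
6 | }
7 |
--------------------------------------------------------------------------------
/bench/scripts/vale_copy:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Copy the files in <dir> into the poly1305/vale directory of the SUPERCOP tree
3 | # under <root>, creating that directory if needed.
4 | # usage: vale_copy <dir> <root>
5 |
6 | dir="${1:?usage: vale_copy <dir> <root>}"
7 | root="${2:?usage: vale_copy <dir> <root>}"
8 | # The SUPERCOP version string is read from <root>/config/version.
9 | supercop="$root/supercop-$(cat "$root/config/version")"
10 |
11 | # Quoted so that paths containing spaces or glob characters stay single arguments;
12 | # only the trailing /* is left for the shell to expand.
13 | mkdir -p "$supercop/crypto_onetimeauth/poly1305/vale/"
14 | cp "$dir"/* "$supercop/crypto_onetimeauth/poly1305/vale/"
15 |
16 |
--------------------------------------------------------------------------------
/src/Makefile.common:
--------------------------------------------------------------------------------
1 | # Shared rules, included by the per-implementation Makefiles.
2 | # GFLAGS: extra gpp flags; JFLAGS: extra compiler flags; JASMINC: compiler binary.
3 | GFLAGS ?=
4 | JFLAGS ?=
5 | JASMINC ?= jasminc
6 |
7 | # Preprocess a .jazz source with gpp.
8 | %.japp: %.jazz
9 | 	gpp -I../../../ $(GFLAGS) -o $@ $<
10 |
11 | # Compile the preprocessed source to assembly. When the compiler fails, the partial
12 | # output is removed and the recipe still succeeds (rm's status), so make exits 0
13 | # with no .s file; the warning on stderr makes that case visible. Callers that need
14 | # a hard failure have to check that the .s file exists.
15 | %.s: %.japp
16 | 	$(JASMINC) $(JFLAGS) -pasm $< > $@ || { echo "warning: $(JASMINC) failed on $<, $@ removed" >&2; rm -f $@; }
17 |
18 | clean:
19 | 	@rm -f *.japp *.s
20 |
--------------------------------------------------------------------------------
/proof/crypto_stream/chacha20/ChaCha20_savx_CT_proof.ec:
--------------------------------------------------------------------------------
1 | require import ChaCha20_savx_CT.
2 |
3 | (* Leakage equivalence for chacha20_avx: two runs that start with equal arguments
4 |    and equal leakage traces end with equal leakage traces. Memory contents are
5 |    not part of the precondition, so the trace cannot depend on them.
6 |    NOTE(review): `key` is presumably the address of the key buffer, not the key
7 |    bytes; confirm against ChaCha20_savx_CT.ec. *)
8 | equiv chacha20_avx_ct :
9 |   M.chacha20_avx ~ M.chacha20_avx : ={output, plain, len, nonce, key, M.leakages} ==> ={M.leakages}.
10 | proof. proc;inline *;sim => />. qed.
--------------------------------------------------------------------------------
/proof/crypto_stream/chacha20/ChaCha20_sref_CT_proof.ec:
--------------------------------------------------------------------------------
1 | require import ChaCha20_sref_CT.
2 |
3 | (* Leakage equivalence for chacha20_ref: two runs that start with equal arguments
4 |    and equal leakage traces end with equal leakage traces. Memory contents are
5 |    not part of the precondition, so the trace cannot depend on them.
6 |    NOTE(review): `key` is presumably the address of the key buffer, not the key
7 |    bytes; confirm against ChaCha20_sref_CT.ec. *)
8 | equiv chacha20_ref_ct :
9 |   M.chacha20_ref ~ M.chacha20_ref : ={output, plain, len, nonce, key, M.leakages} ==> ={M.leakages}.
10 | proof. proc;inline *;sim => />. qed.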
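--------------------------------------------------------------------------------
/src/crypto_core/keccakf160064bits/avx2/keccakf1600.jahh:
--------------------------------------------------------------------------------
1 | #ifndef KECCAKF1600_AVX2_H
2 | #define KECCAKF1600_AVX2_H
3 |
4 | #define B(base,x) [base + 8*(x)]
5 | #define B8(base,x) (u8)[base + (x)]
6 | #define B256(base,x,o) (u256)[base + 32*(x) - o]
7 |
8 | #endif
9 |
--------------------------------------------------------------------------------
/bench/scripts/kremlib:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Rebuild libkremlib.a in <dir> and copy it to <static_libs_dir>.
3 | # usage: kremlib <dir> <static_libs_dir>
4 | # The copy runs after `cd <dir>`, so a relative <static_libs_dir> is resolved
5 | # against <dir>, not against the caller's working directory.
6 |
7 | dir="$1"
8 | static_libs_dir="$2"
9 |
10 | # Quoted so that paths with spaces or glob characters stay single arguments.
11 | (cd "$dir" && \
12 |  make clean && \
13 |  make && \
14 |  cp libkremlib.a "$static_libs_dir/"
15 | )
16 |
--------------------------------------------------------------------------------
/proof/crypto_onetimeauth/poly1305/Poly1305_savx2_CT_proof.ec:
--------------------------------------------------------------------------------
1 | require import Poly1305_savx2_CT.
2 |
3 | (* Leakage equivalence for poly1305_avx2: two runs that start with equal arguments
4 |    and equal leakage traces end with equal leakage traces. Memory contents are
5 |    not part of the precondition, so the trace cannot depend on them.
6 |    NOTE(review): `k` is presumably the address of the key buffer, not the key
7 |    bytes; confirm against Poly1305_savx2_CT.ec. *)
8 | equiv poly1305_avx2_CT : M.poly1305_avx2 ~ M.poly1305_avx2 :
9 |   ={k, in_0, out, inlen, M.leakages} ==> ={M.leakages}.
10 | proof. proc;inline *;sim. qed.
11 |
12 |
--------------------------------------------------------------------------------
/proof/crypto_stream/chacha20/ChaCha20_savx2_CT_proof.ec:
--------------------------------------------------------------------------------
1 | require import ChaCha20_savx2_CT.
2 |
3 | (* Leakage equivalence for chacha20_avx2: two runs that start with equal arguments
4 |    and equal leakage traces end with equal leakage traces. Memory contents are
5 |    not part of the precondition, so the trace cannot depend on them.
6 |    NOTE(review): `key` is presumably the address of the key buffer, not the key
7 |    bytes; confirm against ChaCha20_savx2_CT.ec. *)
8 | equiv chacha20_avx2_ct :
9 |   M.chacha20_avx2 ~ M.chacha20_avx2 : ={output, plain, len, nonce, key, M.leakages} ==> ={M.leakages}.
10 | proof. proc;inline *;sim => />. qed.
--------------------------------------------------------------------------------
/proof/crypto_hash/keccak1600/.dir-locals.el:
--------------------------------------------------------------------------------
1 | ;; Points easycrypt-load-path at ../../crypto_core/keccakf160064bits/, relative to
2 | ;; the directory holding this file. The setting is an `eval` form, i.e. Lisp that
3 | ;; Emacs evaluates when a file under this directory is visited in easycrypt-mode;
4 | ;; review it before accepting the local-variables prompt.
5 | ((easycrypt-mode .
6 |   ((eval .
7 |     (cl-flet ((pre (s) (concat (locate-dominating-file buffer-file-name ".dir-locals.el") s)))
8 |       (setq easycrypt-load-path `(,(pre "../../crypto_core/keccakf160064bits/")))))))))
9 |
--------------------------------------------------------------------------------
/bench/bindings/crypto_scalarmult/curve25519/fiat-crypto/C64/fesquare.h:
--------------------------------------------------------------------------------
1 | #include <stdint.h>
2 |
3 | #undef force_inline
4 | #define force_inline __attribute__((always_inline))
5 |
6 | static force_inline void fesquare(uint64_t* out, uint64_t x7, uint64_t x8, uint64_t x6, uint64_t x4, uint64_t x2);
7 |
--------------------------------------------------------------------------------
/bench/bindings/crypto_scalarmult/curve25519/fiat-crypto/C64/freeze.h:
--------------------------------------------------------------------------------
1 | #include <stdint.h>
2 |
3 | #undef force_inline
4 | #define force_inline __attribute__((always_inline))
5 |
6 | static force_inline void freeze(uint64_t* out, uint64_t x7, uint64_t x8, uint64_t x6, uint64_t x4, uint64_t x2);
7 |
--------------------------------------------------------------------------------
/bench/config/keccak-evercrypt:
--------------------------------------------------------------------------------
1 | crypto_hash sha3224 evercrypt/compact_gcc
2 | crypto_hash sha3256 evercrypt/compact_gcc
3 | crypto_hash sha3384 evercrypt/compact_gcc
4 | crypto_hash sha3512 evercrypt/compact_gcc
5 | crypto_hash shake128 evercrypt/compact_gcc
6 | crypto_hash shake256 evercrypt/compact_gcc
7 |
--------------------------------------------------------------------------------
/bench/results/curve25519/csv/curve25519_cycles_.csv:
--------------------------------------------------------------------------------
1 | openssl-static-fe64, 122450
2 | sandy2x, 139630
3 | jazz-ref4, 144244
4 | amd64-64, 151252
5 | amd64-51, 153130
6 | openssl-static-disable-fe64, 153194
7 | hacl-star-gcc, 157226
8 | donna-c64, 162742
9 |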
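openssl-static-no-asm, 163312
10 | boringssl-static, 164170
11 |
--------------------------------------------------------------------------------
/proof/.gitignore:
--------------------------------------------------------------------------------
1 | Array[0-9]*.ec
2 | WArray[0-9]*.ec
3 |
4 | Poly1305_s*.ec
5 | !Poly1305*_proof.ec
6 |
7 | ChaCha20_s*.ec
8 | !ChaCha20_*_proof.ec
9 |
10 | Keccakf1600_s*.ec
11 | !Keccakf1600_*_proof.ec
12 |
13 | Keccak1600_s*.ec
14 | !Keccak1600_*_proof.ec
15 |
16 | Curve25519_s*.ec
17 | !Curve25519_*_proof.ec
18 |
--------------------------------------------------------------------------------
/bench/scripts/rename_lib:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Prefix every symbol that nm lists as " T " in <libname>.a with "<libname>_".
3 | # usage: rename_lib <libname> <static_libs_dir>
4 | # The old/new name pairs go through the scratch file symbols_to_rename, created in
5 | # <static_libs_dir> and removed once objcopy has succeeded.
6 |
7 | libname="$1"
8 | static_libs_dir="$2"
9 |
10 | # Quoted so that names with spaces or glob characters stay single arguments.
11 | (cd "$static_libs_dir" && \
12 |  nm "$libname.a" | grep " T " | awk -v name="$libname" '{print $3" "name"_"$3}' > symbols_to_rename && \
13 |  objcopy --redefine-syms=symbols_to_rename "$libname.a" && \
14 |  rm symbols_to_rename
15 | )
16 |
17 |
--------------------------------------------------------------------------------
/env/third_party/.emacs:
--------------------------------------------------------------------------------
1 | ;; Register the MELPA package archive. HTTPS is used unless this is Windows/MS-DOS
2 | ;; without GnuTLS, where the URL falls back to plain HTTP and package downloads
3 | ;; then have no transport integrity protection.
4 | (require 'package)
5 | (let* ((no-ssl (and (memq system-type '(windows-nt ms-dos))
6 |                     (not (gnutls-available-p))))
7 |        (proto (if no-ssl "http" "https")))
8 |   (add-to-list 'package-archives
9 |                (cons "melpa" (concat proto "://melpa.org/packages/")) t))
10 | (package-initialize)
11 |
--------------------------------------------------------------------------------
/bench/scripts/openssl_shared:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Configure and build OpenSSL in <dir> for linux-x86_64 and install its runtime
3 | # libraries under <lib_root>/<name of this script>.
4 | # usage: openssl_shared <dir> <lib_root>
5 | # <lib_root> is used after `cd <dir>` as the --prefix, so pass an absolute path.
6 |
7 | myname=$(basename "$0")
8 | dir="$1"
9 | lib_dir="$2/$myname"
10 |
11 | mkdir -p "$lib_dir"
12 |
13 | # distclean may fail on a tree that was never configured; that is tolerated.
14 | (cd "$dir" && \
15 |  (make distclean || true) && \
16 |  ./Configure --prefix="$lib_dir" linux-x86_64 && \
17 |  make && \
18 |  make install_runtime_libs
19 | )
20 |
--------------------------------------------------------------------------------
/src/crypto_scalarmult/curve25519/mulx/x25519_scalarmult_export.jazz:
--------------------------------------------------------------------------------
1 | #include "x25519_scalarmult.jazz"
2 |
3 | export fn curve25519_mulx(reg u64 out scalar point)
4 | {
5 |   _x25519_scalarmult(out, scalar, point);
6 | }
7 |
8 | export fn curve25519_mulx_base(reg u64 out scalar table)
9 | {
10 |   _x25519_scalarmult_base(out, scalar, table);
11 | }
12 |
--------------------------------------------------------------------------------
/bench/bindings/crypto_scalarmult/curve25519/fiat-crypto/C64/femul.h:
--------------------------------------------------------------------------------
1 | #include <stdint.h>
2 |
3 | #undef force_inline
4 | #define force_inline __attribute__((always_inline))
5 |
6 | static force_inline void femul(uint64_t* out, uint64_t x10, uint64_t x11, uint64_t x9, uint64_t x7, uint64_t x5, uint64_t x18, uint64_t x19, uint64_t x17, uint64_t x15, uint64_t x13);
7 |
--------------------------------------------------------------------------------
/bench/results/keccak/makefile:
--------------------------------------------------------------------------------
1 | .PHONY: csv svg pdf
2 |
3 | # sync with the most recent version of data/keccak-********
4 | csv:
5 | 	cp `find ../../data/ -type d -name "keccak*" | sort -r | head -n1`/*.csv ./csv/
6 |
7 | svg:
8 | 	(cd gnu && gnuplot *.gnu)
9 |
10 | pdf:
11 | 	(cd svg && find .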
-name "*.svg" -exec inkscape {} --export-pdf=../pdf/{}.pdf \;) 12 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/hacl_star/ccomp/auth_hacl_star.c: -------------------------------------------------------------------------------- 1 | #include "crypto_onetimeauth.h" 2 | 3 | int crypto_onetimeauth( 4 | unsigned char *out, 5 | const unsigned char *in, 6 | unsigned long long inlen, 7 | const unsigned char *k 8 | ) 9 | { 10 | hacl_star_ccomp_Poly1305_64_crypto_onetimeauth(out, in, inlen, k); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /bench/results/poly1305/makefile: -------------------------------------------------------------------------------- 1 | .PHONY: csv svg pdf 2 | 3 | # sync with the most recent version of data/poly1305-******** 4 | csv: 5 | cp `find ../../data/ -type d -name "poly1305*" | sort -r | head -n1`/*.csv ./csv/ 6 | 7 | svg: 8 | (cd gnu && gnuplot *.gnu) 9 | 10 | pdf: 11 | (cd svg && find . 
-name "*.svg" -exec inkscape {} --export-pdf=../pdf/{}.pdf \;) 12 | -------------------------------------------------------------------------------- /bench/scripts/openssl_shared_no_asm: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | whereami=$(cd `dirname "$0"`; pwd -P) 4 | myname=`basename "$0"` 5 | dir="$1" 6 | lib_dir="$2/$myname" 7 | 8 | mkdir -p $lib_dir 9 | 10 | (cd $dir && \ 11 | (make distclean || true) && \ 12 | ./Configure no-asm --prefix=$lib_dir linux-x86_64 && \ 13 | make && \ 14 | make install_runtime_libs 15 | ) 16 | -------------------------------------------------------------------------------- /bench/results/curve25519/makefile: -------------------------------------------------------------------------------- 1 | .PHONY: csv svg pdf 2 | 3 | # sync with the most recent version of data/curve25519-******** 4 | csv: 5 | cp `find ../../data/ -type d -name "curve25519*" | sort -r | head -n1`/*.csv ./csv/ 6 | 7 | svg: 8 | (cd gnu && gnuplot *.gnu) 9 | 10 | pdf: 11 | (cd svg && find . 
-name "*.svg" -exec inkscape {} --export-pdf=../pdf/{}.pdf \;) 12 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/hacl_star/gcc/auth_hacl_star.c: -------------------------------------------------------------------------------- 1 | #include "crypto_onetimeauth.h" 2 | 3 | int crypto_onetimeauth( 4 | unsigned char *out, 5 | const unsigned char *in, 6 | unsigned long long inlen, 7 | const unsigned char *k 8 | ) 9 | { 10 | hacl_star_gcc_Hacl_Poly1305_64_crypto_onetimeauth(out, in, inlen, k); 11 | return 0; 12 | } 13 | 14 | 15 | -------------------------------------------------------------------------------- /bench/results/chacha20/makefile: -------------------------------------------------------------------------------- 1 | .PHONY: csv svg pdf 2 | 3 | # sync with the most recent version of data/chacha20-******** 4 | csv: 5 | cp `find ../../data/ -type d -name "chacha20*" | sort -r | head -n1`/*.csv ./csv/ 6 | 7 | svg: 8 | (cd gnu && gnuplot *.gnu) 9 | 10 | pdf: 11 | mkdir -p pdf 12 | (cd svg && find . -name "*.svg" -exec inkscape {} --export-pdf=../pdf/{}.pdf \;) 13 | -------------------------------------------------------------------------------- /bench/scripts/hacl_star_ccomp: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | whereami=$(cd `dirname "$0"`; pwd -P) 4 | myname=`basename "$0"` 5 | dir="$1" 6 | libs_dir="$2" 7 | makefile="$3" 8 | 9 | (cd $dir && \ 10 | cp $makefile . 
&& \ 11 | make clean && \ 12 | make libhacl.a && \ 13 | cp libhacl.a $libs_dir/$myname.a && \ 14 | cd $libs_dir && \ 15 | $whereami/rename_lib $myname $libs_dir 16 | ) 17 | -------------------------------------------------------------------------------- /bench/scripts/openssl_static: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | whereami=$(cd `dirname "$0"`; pwd -P) 4 | myname=`basename "$0"` 5 | dir="$1" 6 | libs_dir="$2" 7 | 8 | (cd $dir && \ 9 | (make distclean || true) && \ 10 | ./Configure no-shared linux-x86_64 && \ 11 | make && \ 12 | cp libcrypto.a $libs_dir/$myname.a && \ 13 | cd $libs_dir && \ 14 | $whereami/rename_lib $myname $libs_dir 15 | ) 16 | 17 | -------------------------------------------------------------------------------- /bench/scripts/openssl_static_no_asm: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | whereami=$(cd `dirname "$0"`; pwd -P) 4 | myname=`basename "$0"` 5 | dir="$1" 6 | libs_dir="$2" 7 | 8 | (cd $dir && \ 9 | (make distclean || true) && \ 10 | ./Configure no-shared no-asm linux-x86_64 && \ 11 | make && \ 12 | cp libcrypto.a $libs_dir/$myname.a && \ 13 | cd $libs_dir && \ 14 | $whereami/rename_lib $myname $libs_dir 15 | ) 16 | 17 | -------------------------------------------------------------------------------- /bench/results/curve25519/gnu/curve25519_cycles_.gnu: -------------------------------------------------------------------------------- 1 | 2 | set term svg enhanced background rgb 'white' 3 | set yrange [0:180000] 4 | set title "curve25519" 5 | set output "../svg/curve25519_cycles.svg" 6 | set boxwidth 0.5 relative 7 | set style fill solid 0.5 8 | set xlabel "implementations" 9 | set ylabel "cycles" 10 | set xtics rotate 11 | plot "../csv/curve25519_cycles_.csv" using 0:2:xticlabels(1) with boxes notitle 12 | -------------------------------------------------------------------------------- 
/bench/bindings/crypto_core/keccakf160064bits/jazz/kecccakf1600_jazz.c: -------------------------------------------------------------------------------- 1 | #include "crypto_core.h" 2 | #include "impl.h" 3 | #include "api.h" 4 | 5 | extern void keccakf1600_impl( 6 | unsigned char *out, 7 | const unsigned char *in 8 | ); 9 | 10 | int crypto_core(unsigned char *out, const unsigned char *in, const unsigned char *k, const unsigned char *c) 11 | { 12 | keccakf1600_ref(out, in); 13 | return 0; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /proof/tests.config: -------------------------------------------------------------------------------- 1 | [default] 2 | bin = easycrypt 3 | args = -timeout 30 -max-provers 2 -p Z3 -p Alt-Ergo -I Jasmin:eclib -I crypto_core/keccakf160064bits 4 | 5 | [test-chacha20] 6 | okdirs = !crypto_stream/chacha20 7 | 8 | [test-poly1305] 9 | okdirs = !crypto_onetimeauth/poly1305 10 | 11 | [test-keccakf160064bits] 12 | okdirs = !crypto_core/keccakf160064bits 13 | 14 | [test-keccak1600] 15 | okdirs = !crypto_hash/keccak1600 16 | -------------------------------------------------------------------------------- /bench/scripts/libsodium_static: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | whereami=$(cd `dirname "$0"`; pwd -P) 4 | myname=`basename "$0"` 5 | dir="$1" 6 | libs_dir="$2" 7 | 8 | (cd $dir && \ 9 | (make distclean || true) && \ 10 | ./configure --enable-static && \ 11 | make && \ 12 | make check && \ 13 | cp src/libsodium/.libs/libsodium.a $libs_dir/$myname.a && \ 14 | cd $libs_dir && \ 15 | $whereami/rename_lib $myname $libs_dir 16 | ) 17 | 18 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/libsodium/static/auth_libsodium.c: -------------------------------------------------------------------------------- 1 | #include "crypto_onetimeauth.h" 2 | #include 3 | 4 
| int crypto_onetimeauth( 5 | unsigned char *out, 6 | const unsigned char *in, 7 | unsigned long long inlen, 8 | const unsigned char *k 9 | ) 10 | { 11 | libsodium_static_sodium_init(); 12 | libsodium_static_crypto_onetimeauth_poly1305(out, in, inlen, k); 13 | return 0; 14 | } 15 | 16 | 17 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/hacl_star/ccomp/verify_hacl_star.c: -------------------------------------------------------------------------------- 1 | #include "crypto_verify_16.h" 2 | #include "crypto_onetimeauth.h" 3 | 4 | int crypto_onetimeauth_verify( 5 | const unsigned char *h, 6 | const unsigned char *in, 7 | unsigned long long inlen, 8 | const unsigned char *k 9 | ) 10 | { 11 | unsigned char correct[16]; 12 | crypto_onetimeauth(correct,in,inlen,k); 13 | return crypto_verify_16(h,correct); 14 | } 15 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/hacl_star/gcc/verify_hacl_star.c: -------------------------------------------------------------------------------- 1 | #include "crypto_verify_16.h" 2 | #include "crypto_onetimeauth.h" 3 | 4 | int crypto_onetimeauth_verify( 5 | const unsigned char *h, 6 | const unsigned char *in, 7 | unsigned long long inlen, 8 | const unsigned char *k 9 | ) 10 | { 11 | unsigned char correct[16]; 12 | crypto_onetimeauth(correct,in,inlen,k); 13 | return crypto_verify_16(h,correct); 14 | } 15 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/libsodium/static/verify_libsodium.c: -------------------------------------------------------------------------------- 1 | #include "crypto_verify_16.h" 2 | #include "crypto_onetimeauth.h" 3 | 4 | int crypto_onetimeauth_verify( 5 | const unsigned char *h, 6 | const unsigned char *in, 7 | unsigned long long inlen, 8 | const unsigned char *k 9 | ) 10 | { 11 | 
libsodium_static_sodium_init(); 12 | return libsodium_static_crypto_onetimeauth_poly1305_verify(h, in, inlen, k); 13 | } 14 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/openssl/static/verify_openssl.c: -------------------------------------------------------------------------------- 1 | #include "crypto_verify_16.h" 2 | #include "crypto_onetimeauth.h" 3 | 4 | int crypto_onetimeauth_verify( 5 | const unsigned char *h, 6 | const unsigned char *in, 7 | unsigned long long inlen, 8 | const unsigned char *k 9 | ) 10 | { 11 | unsigned char correct[16]; 12 | crypto_onetimeauth(correct,in,inlen,k); 13 | return crypto_verify_16(h,correct); 14 | } 15 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/openssl/static_no_asm/verify_openssl.c: -------------------------------------------------------------------------------- 1 | #include "crypto_verify_16.h" 2 | #include "crypto_onetimeauth.h" 3 | 4 | int crypto_onetimeauth_verify( 5 | const unsigned char *h, 6 | const unsigned char *in, 7 | unsigned long long inlen, 8 | const unsigned char *k 9 | ) 10 | { 11 | unsigned char correct[16]; 12 | crypto_onetimeauth(correct,in,inlen,k); 13 | return crypto_verify_16(h,correct); 14 | } 15 | -------------------------------------------------------------------------------- /src/crypto_core/keccakf160064bits/ref/keccakf1600_export.jazz: -------------------------------------------------------------------------------- 1 | #include "crypto_core/keccakf160064bits/ref/keccakf1600.jazz" 2 | 3 | export fn keccakf1600_ref(reg u64 out in) 4 | { 5 | inline int i; 6 | stack u64[25] state; 7 | reg u64 t; 8 | 9 | for i=0 to 25 10 | { t = [in + 8*i]; 11 | state[i] = t; } 12 | 13 | state = __keccakf1600_ref(state); 14 | 15 | for i=0 to 25 16 | { t = state[i]; 17 | [out + 8*i] = t; } 18 | } 19 | 
-------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/jazz/verify_jazz.c: -------------------------------------------------------------------------------- 1 | #include "crypto_verify_16.h" 2 | #include "crypto_onetimeauth.h" 3 | #include "impl.h" 4 | 5 | int crypto_onetimeauth_verify( 6 | const unsigned char *h, 7 | const unsigned char *in, 8 | unsigned long long inlen, 9 | const unsigned char *k 10 | ) 11 | { 12 | unsigned char correct[16]; 13 | crypto_onetimeauth(correct,in,inlen,k); 14 | return crypto_verify_16(h,correct); 15 | } 16 | -------------------------------------------------------------------------------- /bench/scripts/libsodium_static_disable_asm: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | whereami=$(cd `dirname "$0"`; pwd -P) 4 | myname=`basename "$0"` 5 | dir="$1" 6 | libs_dir="$2" 7 | 8 | (cd $dir && \ 9 | (make distclean || true) && \ 10 | ./configure --enable-static --disable-asm && \ 11 | make && \ 12 | make check && \ 13 | cp src/libsodium/.libs/libsodium.a $libs_dir/$myname.a && \ 14 | cd $libs_dir && \ 15 | $whereami/rename_lib $myname $libs_dir 16 | ) 17 | 18 | -------------------------------------------------------------------------------- /bench/config/keccak: -------------------------------------------------------------------------------- 1 | crypto_hash sha3224 jazz/scalar 2 | crypto_hash sha3224 jazz/avx2 3 | 4 | crypto_hash sha3256 jazz/scalar 5 | crypto_hash sha3256 jazz/avx2 6 | 7 | crypto_hash sha3384 jazz/scalar 8 | crypto_hash sha3384 jazz/avx2 9 | 10 | crypto_hash sha3512 jazz/scalar 11 | crypto_hash sha3512 jazz/avx2 12 | 13 | crypto_hash shake128 jazz/scalar 14 | crypto_hash shake128 jazz/avx2 15 | 16 | crypto_hash shake256 jazz/scalar 17 | crypto_hash shake256 jazz/avx2 18 | -------------------------------------------------------------------------------- 
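/src/crypto_core/keccakf160064bits/scalar_g/keccakf1600_export.jazz:
--------------------------------------------------------------------------------
#include "crypto_core/keccakf160064bits/scalar_g/keccakf1600.jazz"

// Loads 25 64-bit words from `in`, applies __keccakf1600_scalar_g to them,
// and stores the 25 resulting words to `out`.
export fn keccakf1600_scalar_g(reg u64 out in)
{
  inline int i;
  _state_t state;
  reg u64 t;

  for i=0 to 25
  { t = [in + 8*i];
    B(state,i) = t; }

  state = __keccakf1600_scalar_g(state);

  for i=0 to 25
  { t = B(state,i);
    [out + 8*i] = t; }
}

--------------------------------------------------------------------------------
/bench/bindings/crypto_onetimeauth/poly1305/libsodium/static_disable_asm/auth_libsodium.c:
--------------------------------------------------------------------------------
#include "crypto_onetimeauth.h"
#include /* header name missing in this listing */

/*
 * Poly1305 one-time authenticator backed by the symbol-renamed libsodium
 * build (prefix libsodium_static_disable_asm_).
 *
 * out   receives the tag
 * in    message, inlen bytes
 * k     one-time key
 *
 * Returns 0 on success, -1 if libsodium could not be initialised, otherwise
 * whatever the libsodium call returns.
 */
int crypto_onetimeauth(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *k
)
{
  /* sodium_init() reports failure with a negative value; do not compute a
     tag with an uninitialised library. */
  if (libsodium_static_disable_asm_sodium_init() < 0)
    return -1;
  return libsodium_static_disable_asm_crypto_onetimeauth_poly1305(out, in, inlen, k);
}


--------------------------------------------------------------------------------
/bench/bindings/crypto_scalarmult/curve25519/fiat-crypto/C64/scalarmult_base.c:
--------------------------------------------------------------------------------
#include "crypto_scalarmult.h"

int crypto_scalarmult(
  unsigned char *q,
  const unsigned char *n,
  const unsigned char *p
);

/* Base point encoding: first byte 9, the remaining 31 bytes zero. */
static const unsigned char basepoint[32] = {9};

/*
 * Scalar multiplication of the fixed base point.
 *
 * q  receives the result
 * n  scalar
 *
 * Returns the status of crypto_scalarmult. The previous version stored that
 * status in a local and then returned 0 unconditionally, which hid any
 * failure reported by the underlying implementation.
 */
int crypto_scalarmult_base(
  unsigned char *q,
  const unsigned char *n
)
{
  return crypto_scalarmult(q,n,basepoint);
}

--------------------------------------------------------------------------------
/bench/scripts/openssl_shared_keccak_avx2: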
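--------------------------------------------------------------------------------
#!/bin/bash
# Build OpenSSL shared libraries with a replacement crypto/sha/build.info and
# install the runtime libraries under <libs_root>/<name of this script>.
#
# usage: openssl_shared_keccak_avx2 <openssl_src_dir> <libs_root> <build_info>
#   <build_info> is copied after the `cd` into the source tree, so it
#   presumably has to be an absolute path; confirm against the caller.

whereami=$(cd `dirname "$0"`; pwd -P)
myname=`basename "$0"`
dir="$1"
lib_dir="$2/$myname"
build_info="$3"

mkdir -p "$lib_dir"

# crypto/sha/build.info is restored whether or not the build succeeds. The
# earlier `&&` chain reached `git checkout` only after a fully successful
# build, so a failed run left the tree patched for any later build from the
# same checkout.
(cd "$dir" && \
 (make distclean || true) && \
 cp "$build_info" crypto/sha/build.info && \
 {
   ./Configure --prefix="$lib_dir" linux-x86_64 && \
   make && \
   make install_runtime_libs
   status=$?
   # Report the build status; a failed restore is reported as a failure too.
   git checkout crypto/sha/build.info && exit $status
 }
)

--------------------------------------------------------------------------------
/src/crypto_core/keccakf160064bits/scalar/keccakf1600_export.jazz:
--------------------------------------------------------------------------------
#include "crypto_core/keccakf160064bits/scalar/keccakf1600.jazz"

// Loads 25 64-bit words from `in`, applies __keccakf1600_scalar with the
// `_iotas` argument, and stores the 25 resulting words to `out`.
// NOTE(review): this scalar variant is exported as keccakf1600_ref, the same
// name the ref/ export uses with a two-argument signature; confirm the name
// is intended.
export fn keccakf1600_ref(reg u64 out in _iotas)
{
  inline int i;
  _state_t state;
  reg u64 t;

  for i=0 to 25
  { t = [in + 8*i];
    B(state,i) = t; }

  state, _iotas = __keccakf1600_scalar(state, _iotas);

  for i=0 to 25
  { t = B(state,i);
    [out + 8*i] = t; }
}

--------------------------------------------------------------------------------
/bench/bindings/crypto_onetimeauth/poly1305/libsodium/static_disable_asm/verify_libsodium.c:
--------------------------------------------------------------------------------
#include "crypto_verify_16.h"
#include "crypto_onetimeauth.h"

/*
 * Verify a Poly1305 tag with the symbol-renamed libsodium build.
 *
 * h     tag to check
 * in    message, inlen bytes
 * k     one-time key
 *
 * Returns the result of libsodium's verify call, or -1 if the library could
 * not be initialised, so that verification fails closed.
 */
int crypto_onetimeauth_verify(
  const unsigned char *h,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *k
)
{
  if (libsodium_static_disable_asm_sodium_init() < 0)
    return -1;
  return libsodium_static_disable_asm_crypto_onetimeauth_poly1305_verify(h, in, inlen, k);
}

--------------------------------------------------------------------------------
/bench/third_party/vale/poly1305/gcc_compat.h:
--------------------------------------------------------------------------------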
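#ifndef __GCC_COMPAT_H
#define __GCC_COMPAT_H

#ifndef _MSC_VER
  // Use the gcc predefined macros if on a platform/architectures that set them.  Otherwise define them to be empty.
  #ifndef __cdecl
    #define __cdecl
  #endif
  #ifndef __stdcall
    #define __stdcall
  #endif
  #ifndef __fastcall
    #define __fastcall
  #endif
#endif


#endif // __GCC_COMPAT_H

--------------------------------------------------------------------------------
/src/crypto_hash/shake256/ref/shake256-m.c:
--------------------------------------------------------------------------------
#include /* header name missing in this listing */
#include /* header name missing in this listing */

/* Defined outside this file. */
extern void keccak1600_ref(
  uint8_t *out,
  uint64_t outlen,
  const uint8_t *in,
  size_t inlen,
  uint64_t *c
);

/*
 * SHAKE256 wrapper around keccak1600_ref. Always returns 0.
 *
 * outlen is passed as the constant 136; assuming it counts bytes, `out`
 * must have room for 136 bytes. TODO confirm against keccak1600_ref.
 */
int shake256_ref(unsigned char *out,const unsigned char *in,unsigned long long inlen)
{
  /* presumably {domain-separation/padding byte, rate in bytes}; 1088/8 == 136.
     TODO confirm the layout expected by keccak1600_ref. */
  uint64_t c[] = {0x1F, (1088/8)};
  keccak1600_ref(out, 136, in, inlen, c);
  return 0;
}

--------------------------------------------------------------------------------
/bench/bindings/crypto_hash/sha3224/evercrypt/compact_gcc/sha3224_evercrypt.c:
--------------------------------------------------------------------------------
#include "crypto_hash.h"
#include "api.h"
#include /* header name missing in this listing */
#include /* header name missing in this listing */

extern void
Hacl_SHA3_sha3_224(
  uint32_t inputByteLen,
  uint8_t *input,
  uint8_t *output
);

/*
 * SHA3-224 through the symbol-renamed EverCrypt build.
 *
 * out    receives the digest
 * in     message
 * inlen  message length in bytes
 *
 * Returns 0 on success and -1 when inlen does not fit the 32-bit length the
 * underlying function takes (see the declaration above).
 *
 * NOTE(review): the declaration names Hacl_SHA3_sha3_224 while the call uses
 * the evercrypt_compact_gcc_ prefixed symbol; unless crypto_hash.h or api.h
 * declare it, the call relies on an implicit declaration. Confirm.
 */
int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen)
{
  /* Without this check the cast below silently truncates the length: a
     message of 4 GiB or more would be hashed only over its first
     inlen mod 2^32 bytes and still reported as success. */
  if (inlen > 0xFFFFFFFFULL)
    return -1;
  evercrypt_compact_gcc_Hacl_SHA3_sha3_224((uint32_t)inlen, in, out);
  return 0;
}

--------------------------------------------------------------------------------
/bench/bindings/crypto_hash/sha3256/evercrypt/compact_gcc/sha3256_evercrypt.c:
--------------------------------------------------------------------------------
1 | #include "crypto_hash.h" 2 | #include "api.h" 3 | #include 4 | #include 5 | 6 | extern void 7 |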
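Hacl_SHA3_sha3_256( 8 | uint32_t inputByteLen, 9 | uint8_t *input, 10 | uint8_t *output 11 | ); 12 |

/*
 * SHA3-256 through the symbol-renamed EverCrypt build.
 * Returns 0 on success and -1 when inlen does not fit the 32-bit length
 * parameter of the underlying function.
 */
int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen)
{
  /* The cast below would otherwise truncate lengths of 4 GiB or more and
     hash only part of the message while still returning success. */
  if (inlen > 0xFFFFFFFFULL)
    return -1;
  evercrypt_compact_gcc_Hacl_SHA3_sha3_256((uint32_t)inlen, in, out);
  return 0;
}

--------------------------------------------------------------------------------
/bench/bindings/crypto_hash/sha3384/evercrypt/compact_gcc/sha3384_evercrypt.c:
--------------------------------------------------------------------------------
#include "crypto_hash.h"
#include "api.h"
#include /* header name missing in this listing */
#include /* header name missing in this listing */

extern void
Hacl_SHA3_sha3_384(
  uint32_t inputByteLen,
  uint8_t *input,
  uint8_t *output
);

/*
 * SHA3-384 through the symbol-renamed EverCrypt build.
 * Returns 0 on success and -1 when inlen does not fit the 32-bit length
 * parameter declared above.
 */
int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen)
{
  /* Reject instead of truncating: see the uint32_t inputByteLen parameter. */
  if (inlen > 0xFFFFFFFFULL)
    return -1;
  evercrypt_compact_gcc_Hacl_SHA3_sha3_384((uint32_t)inlen, in, out);
  return 0;
}

--------------------------------------------------------------------------------
/bench/bindings/crypto_hash/sha3512/evercrypt/compact_gcc/sha3512_evercrypt.c:
--------------------------------------------------------------------------------
#include "crypto_hash.h"
#include "api.h"
#include /* header name missing in this listing */
#include /* header name missing in this listing */

extern void
Hacl_SHA3_sha3_512(
  uint32_t inputByteLen,
  uint8_t *input,
  uint8_t *output
);

/*
 * SHA3-512 through the symbol-renamed EverCrypt build.
 * Returns 0 on success and -1 when inlen does not fit the 32-bit length
 * parameter declared above.
 */
int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen)
{
  /* Reject instead of truncating: see the uint32_t inputByteLen parameter. */
  if (inlen > 0xFFFFFFFFULL)
    return -1;
  evercrypt_compact_gcc_Hacl_SHA3_sha3_512((uint32_t)inlen, in, out);
  return 0;
}

--------------------------------------------------------------------------------
/bench/bindings/crypto_onetimeauth/poly1305/libsodium/static_disable_asm_ccomp/auth_libsodium.c:
--------------------------------------------------------------------------------
1 | #include "crypto_onetimeauth.h" 2 | #include 3 | 4 | int crypto_onetimeauth( 5 | unsigned char *out, 6 | const unsigned char *in, 7 | unsigned long long inlen,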
8 | const unsigned char *k 9 | ) 10 | { 11 | libsodium_static_disable_asm_ccomp_sodium_init(); 12 | libsodium_static_disable_asm_ccomp_crypto_onetimeauth_poly1305(out, in, inlen, k); 13 | return 0; 14 | } 15 | 16 | 17 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/libsodium/static_disable_asm_ccomp/verify_libsodium.c: -------------------------------------------------------------------------------- 1 | #include "crypto_verify_16.h" 2 | #include "crypto_onetimeauth.h" 3 | 4 | int crypto_onetimeauth_verify( 5 | const unsigned char *h, 6 | const unsigned char *in, 7 | unsigned long long inlen, 8 | const unsigned char *k 9 | ) 10 | { 11 | libsodium_static_disable_asm_ccomp_sodium_init(); 12 | return libsodium_static_disable_asm_ccomp_crypto_onetimeauth_poly1305_verify(h, in, inlen, k); 13 | } 14 | -------------------------------------------------------------------------------- /bench/scripts/evercrypt_compact_gcc: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | whereami=$(cd `dirname "$0"`; pwd -P) 4 | myname=`basename "$0"` 5 | dir="$1" 6 | static_libs_dir="$2" 7 | shared_libs_dir="$3/$myname" 8 | 9 | mkdir -p $shared_libs_dir 10 | 11 | (cd $dir && \ 12 | make clean && \ 13 | make && \ 14 | cp libevercrypt.a $static_libs_dir/$myname.a && \ 15 | cp libevercrypt.so $shared_libs_dir/$myname.so && \ 16 | cd $static_libs_dir && \ 17 | $whereami/rename_lib $myname $static_libs_dir 18 | ) 19 | -------------------------------------------------------------------------------- /src/crypto_hash/shake256/scalar_g/shake256-m.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void keccak1600_scalar_g( 5 | uint8_t *out, 6 | uint64_t outlen, 7 | const uint8_t *in, 8 | size_t inlen, 9 | uint64_t *c 10 | ); 11 | 12 | int shake256_scalar_g(unsigned char *out,const unsigned char 
*in,unsigned long long inlen) 13 | { 14 | uint64_t c[] = {0x1F, (1088/8)}; 15 | keccak1600_scalar_g(out, 136, in, inlen, c); 16 | return 0; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /bench/scripts/libsodium_static_disable_asm_ccomp: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | whereami=$(cd `dirname "$0"`; pwd -P) 4 | myname=`basename "$0"` 5 | dir="$1" 6 | libs_dir="$2" 7 | 8 | (cd $dir && \ 9 | (make distclean || true) && \ 10 | env CC=ccomp CFLAGS="-O2 -fstruct-passing -Usize_t" ./configure --disable-shared --enable-static --disable-asm && \ 11 | make && \ 12 | cp src/libsodium/.libs/libsodium.a $libs_dir/$myname.a && \ 13 | cd $libs_dir && \ 14 | $whereami/rename_lib $myname $libs_dir 15 | ) 16 | 17 | -------------------------------------------------------------------------------- /bench/results/keccak/gnu/shake256_libjc_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte (logscale)" 6 | 7 | set output "../svg/shake256_libjc_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_shake256_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 9 | "../csv/crypto_hash_shake256_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 10 | 11 | unset logscale x 12 | 13 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3224/jazz/sha3224_jazz.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "crypto_hash.h" 4 | #include "impl.h" 5 | #include "api.h" 6 | 7 | extern void sha3224_impl( 8 | unsigned char *out, 9 | const unsigned char *in, 10 | unsigned long long inlen 11 | ); 12 | 13 | int crypto_hash(unsigned char 
*out,const unsigned char *in,unsigned long long inlen) 14 | { 15 | unsigned char out__[CRYPTO_BYTES]; 16 | sha3224_impl(out__, in, inlen); 17 | memcpy(out, out__, CRYPTO_BYTES); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3256/jazz/sha3256_jazz.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "crypto_hash.h" 4 | #include "impl.h" 5 | #include "api.h" 6 | 7 | extern void sha3256_impl( 8 | unsigned char *out, 9 | const unsigned char *in, 10 | unsigned long long inlen 11 | ); 12 | 13 | int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) 14 | { 15 | unsigned char out__[CRYPTO_BYTES]; 16 | sha3256_impl(out__, in, inlen); 17 | memcpy(out, out__, CRYPTO_BYTES); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3384/jazz/sha3384_jazz.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "crypto_hash.h" 4 | #include "impl.h" 5 | #include "api.h" 6 | 7 | extern void sha3384_impl( 8 | unsigned char *out, 9 | const unsigned char *in, 10 | unsigned long long inlen 11 | ); 12 | 13 | int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) 14 | { 15 | unsigned char out__[CRYPTO_BYTES]; 16 | sha3384_impl(out__, in, inlen); 17 | memcpy(out, out__, CRYPTO_BYTES); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/sha3512/jazz/sha3512_jazz.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "crypto_hash.h" 4 | #include "impl.h" 5 | #include "api.h" 6 | 7 | extern void sha3512_impl( 8 | unsigned char *out, 9 | const unsigned char *in, 10 | unsigned long long inlen 11 | ); 12 | 
13 | int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) 14 | { 15 | unsigned char out__[CRYPTO_BYTES]; 16 | sha3512_impl(out__, in, inlen); 17 | memcpy(out, out__, CRYPTO_BYTES); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/shake128/jazz/shake128_jazz.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "crypto_hash.h" 4 | #include "impl.h" 5 | #include "api.h" 6 | 7 | extern void shake128_impl( 8 | unsigned char *out, 9 | const unsigned char *in, 10 | unsigned long long inlen 11 | ); 12 | 13 | int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) 14 | { 15 | unsigned char out__[CRYPTO_BYTES]; 16 | shake128_impl(out__, in, inlen); 17 | memcpy(out, out__, CRYPTO_BYTES); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/shake256/jazz/shake256_jazz.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "crypto_hash.h" 4 | #include "impl.h" 5 | #include "api.h" 6 | 7 | extern void shake256_impl( 8 | unsigned char *out, 9 | const unsigned char *in, 10 | unsigned long long inlen 11 | ); 12 | 13 | int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) 14 | { 15 | unsigned char out__[CRYPTO_BYTES]; 16 | shake256_impl(out__, in, inlen); 17 | memcpy(out, out__, CRYPTO_BYTES); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/evercrypt/compact_gcc/curve25519_evercrypt.c: -------------------------------------------------------------------------------- 1 | #include "crypto_scalarmult.h" 2 | 3 | int crypto_scalarmult( 4 | unsigned char *q, 5 | const unsigned char *n, 6 | const unsigned char *p 
7 | ) 8 | { 9 | evercrypt_compact_gcc_EverCrypt_Curve25519_ecdh(q,n,p); 10 | return 0; 11 | } 12 | 13 | int crypto_scalarmult_base( 14 | unsigned char *q, 15 | const unsigned char *n 16 | ) 17 | { 18 | evercrypt_compact_gcc_EverCrypt_Curve25519_secret_to_public(q,n); 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /bench/third_party/vale/poly1305/poly1305.h: -------------------------------------------------------------------------------- 1 | #ifndef __POLY1305_VALE_H 2 | #define __POLY1305_VALE_H 3 | 4 | #include 5 | #include "gcc_compat.h" 6 | #include 7 | #include 8 | 9 | typedef struct ctxt 10 | { 11 | uint64_t h0; 12 | uint64_t h1; 13 | uint64_t h2; 14 | uint64_t key_r0; 15 | 16 | uint64_t key_r1; 17 | uint64_t key_s0; 18 | uint64_t key_s1; 19 | uint64_t scratch0; 20 | 21 | uint64_t scratch[24 - 8]; 22 | } ctxt; 23 | 24 | #endif // __POLY1305_VALE_H 25 | -------------------------------------------------------------------------------- /src/crypto_core/keccakf160064bits/avx2/keccakf1600_export.jazz: -------------------------------------------------------------------------------- 1 | #include "crypto_core/keccakf160064bits/avx2/keccakf1600.jazz" 2 | 3 | export fn _keccakf1600_avx2( 4 | reg u64 out in 5 | _rhotates_left 6 | _rhotates_right 7 | _iotas 8 | ) 9 | { 10 | inline int i; 11 | reg u256[7] state; 12 | 13 | for i=0 to 7 14 | { state[i] = (u256)[in + 32*i]; } 15 | 16 | state = __keccakf1600_avx2(state, _rhotates_left, _rhotates_right, _iotas); 17 | 18 | for i=0 to 7 19 | { (u256)[out + 32*i] = state[i]; } 20 | } 21 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/shake128/evercrypt/compact_gcc/shake128_evercrypt.c: -------------------------------------------------------------------------------- 1 | #include "crypto_hash.h" 2 | #include "api.h" 3 | #include 4 | #include 5 | 6 | extern void 7 | Hacl_SHA3_shake128_hacl( 8 | uint32_t 
inputByteLen, 9 | uint8_t *input, 10 | uint32_t outputByteLen, 11 | uint8_t *output 12 | ); 13 | 14 | /* crypto_hash binding: passes in/inlen to the SHAKE128 routine and requests CRYPTO_BYTES bytes into out; always returns 0. NOTE(review): (uint32_t)inlen keeps only the low 32 bits, so an input of 2^32 bytes or more is hashed with a wrapped length and still reported as success; reject inlen > 0xffffffff (return -1) before the call. The call also passes the const-qualified in to a parameter declared as plain uint8_t *. */ int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) 15 | { 16 | evercrypt_compact_gcc_Hacl_SHA3_shake128_hacl((uint32_t)inlen, in, CRYPTO_BYTES, out); 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /bench/bindings/crypto_hash/shake256/evercrypt/compact_gcc/shake256_evercrypt.c: -------------------------------------------------------------------------------- 1 | #include "crypto_hash.h" 2 | #include "api.h" 3 | #include 4 | #include 5 | 6 | /* NOTE(review): declared here as Hacl_SHA3_shake256_hacl, while the call below uses an evercrypt_compact_gcc_ prefix; presumably a rename is applied elsewhere -- confirm the prototype the call actually sees. */ extern void 7 | Hacl_SHA3_shake256_hacl( 8 | uint32_t inputByteLen, 9 | uint8_t *input, 10 | uint32_t outputByteLen, 11 | uint8_t *output 12 | ); 13 | 14 | /* crypto_hash binding: passes in/inlen to the SHAKE256 routine and requests CRYPTO_BYTES bytes into out; always returns 0. NOTE(review): (uint32_t)inlen keeps only the low 32 bits, so an input of 2^32 bytes or more is hashed with a wrapped length and still reported as success; reject inlen > 0xffffffff (return -1) before the call. The call also passes the const-qualified in to a parameter declared as plain uint8_t *. */ int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen) 15 | { 16 | evercrypt_compact_gcc_Hacl_SHA3_shake256_hacl((uint32_t)inlen, in, CRYPTO_BYTES, out); 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/openssl/static/auth_openssl.c: -------------------------------------------------------------------------------- 1 | #include "crypto_onetimeauth.h" 2 | #include 3 | 4 | #include "poly1305.h" 5 | #include "poly1305_local.h" 6 | 7 | /* crypto_onetimeauth binding: computes the Poly1305 tag of in[0..inlen) under key k with the openssl_static_ Init/Update/Final calls on a stack context and writes it to out; always returns 0. k is a one-time key: authenticating two messages under the same k voids Poly1305's security guarantee. */ int crypto_onetimeauth( 8 | unsigned char *out, 9 | const unsigned char *in, 10 | unsigned long long inlen, 11 | const unsigned char *k 12 | ) 13 | { 14 | POLY1305 poly1305; 15 | openssl_static_Poly1305_Init(&poly1305, k); 16 | openssl_static_Poly1305_Update(&poly1305, in, inlen); 17 | openssl_static_Poly1305_Final(&poly1305, out); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /bench/scripts/hacl_star_gcc: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | whereami=$(cd `dirname "$0"`; pwd -P) 4 | myname=`basename
"$0"` 5 | dir="$1" 6 | libs_dir="$2" 7 | 8 | (cd $dir && \ 9 | export CFLAGS="-Ofast -march=native -mtune=native -m64 -fwrapv -fomit-frame-pointer -funroll-loops" && \ 10 | make clean-build && \ 11 | make build && \ 12 | cp build/libhacl.a $libs_dir/$myname.a && \ 13 | cp build/libhacl.a $libs_dir/${myname}_vec.a && \ 14 | cd $libs_dir && \ 15 | $whereami/rename_lib $myname $libs_dir && \ 16 | $whereami/rename_lib ${myname}_vec $libs_dir 17 | ) 18 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/fiat-crypto/C64/ladderstep.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #undef force_inline 4 | #define force_inline __attribute__((always_inline)) 5 | 6 | static force_inline void ladderstep(uint64_t* out, uint64_t x15, uint64_t x16, uint64_t x14, uint64_t x12, uint64_t x10, uint64_t x25, uint64_t x26, uint64_t x24, uint64_t x22, uint64_t x20, uint64_t x33, uint64_t x34, uint64_t x32, uint64_t x30, uint64_t x28, uint64_t x43, uint64_t x44, uint64_t x42, uint64_t x40, uint64_t x38, uint64_t x51, uint64_t x52, uint64_t x50, uint64_t x48, uint64_t x46); 7 | -------------------------------------------------------------------------------- /bench/scripts/boringssl_static: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | whereami=$(cd `dirname "$0"`; pwd -P) 4 | myname=`basename "$0"` 5 | build_dir="$1/build" 6 | libs_dir="$2" 7 | 8 | # - export CC=/usr/local/bin/gcc && \ 9 | # - export CXX=/usr/local/bin/g++ && \ 10 | 11 | (mkdir -p $build_dir && \ 12 | cd $build_dir && \ 13 | rm -fr * && \ 14 | (make distclean || true) && \ 15 | cmake -DCMAKE_BUILD_TYPE=Release .. 
&& \ 16 | make crypto && \ 17 | cp crypto/libcrypto.a $libs_dir/$myname.a && \ 18 | cd $libs_dir && \ 19 | $whereami/rename_lib $myname $libs_dir 20 | ) 21 | -------------------------------------------------------------------------------- /bench/setup1: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Fetches the supercop release named in config/version, overlays the local okcompilers patch, deletes the files listed in patch/$version/remove, then runs do-part used inside the unpacked tree. 3 | version=`cat config/version` 4 | 5 | # download and extract supercop. NOTE(review): the archive is unpacked and its do-part script executed below with no checksum or signature check; HTTPS protects the transfer but does not pin the artifact, so compare the tarball against a digest recorded in the repo (e.g. sha256sum -c) before the unxz step 6 | wget https://bench.cr.yp.to/supercop/supercop-$version.tar.xz 7 | unxz < supercop-$version.tar.xz | tar -xf - 8 | 9 | # patch okcompilers 10 | cp ./patch/$version/okcompilers/* supercop-$version/okcompilers/ 11 | 12 | # remove some 'used' files -- do-part used faster. NOTE(review): each list entry is appended to the path unquoted and read without -r, so an entry containing spaces, globs or ../ would delete something other than intended; the list is presumably repo-controlled -- keep it that way 13 | cat ./patch/$version/remove | while read f; do \ 14 | rm -f supercop-$version/$f; \ 15 | done 16 | 17 | # run ./do-part used inside supercop 18 | (cd supercop-$version/ && ./do-part used) 19 | 20 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/openssl/static_no_asm/auth_openssl.c: -------------------------------------------------------------------------------- 1 | #include "crypto_onetimeauth.h" 2 | #include 3 | 4 | #include "poly1305.h" 5 | #include "poly1305_local.h" 6 | 7 | int crypto_onetimeauth( 8 | unsigned char *out, 9 | const unsigned char *in, 10 | unsigned long long inlen, 11 | const unsigned char *k 12 | ) 13 | { 14 | POLY1305 poly1305; 15 | openssl_static_no_asm_Poly1305_Init(&poly1305, k); 16 | openssl_static_no_asm_Poly1305_Update(&poly1305, in, inlen); 17 | openssl_static_no_asm_Poly1305_Final(&poly1305, out); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /bench/results/keccak/gnu/sha3224_evercrypt_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 |
set ylabel "cycles per byte" 6 | 7 | set output "../svg/sha3224_evercrypt_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_sha3224_evercrypt_compact_gcc_16384.csv" using 1:2 title 'EverCrypt' with lines, \ 9 | "../csv/crypto_hash_sha3224_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 10 | "../csv/crypto_hash_sha3224_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 11 | unset logscale x 12 | -------------------------------------------------------------------------------- /bench/results/keccak/gnu/sha3256_evercrypt_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/sha3256_evercrypt_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_sha3256_evercrypt_compact_gcc_16384.csv" using 1:2 title 'EverCrypt' with lines, \ 9 | "../csv/crypto_hash_sha3256_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 10 | "../csv/crypto_hash_sha3256_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 11 | unset logscale x 12 | -------------------------------------------------------------------------------- /bench/results/keccak/gnu/sha3384_evercrypt_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/sha3384_evercrypt_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_sha3384_evercrypt_compact_gcc_16384.csv" using 1:2 title 'EverCrypt' with lines, \ 9 | "../csv/crypto_hash_sha3384_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 10 | "../csv/crypto_hash_sha3384_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 11 | unset logscale x 12 
| -------------------------------------------------------------------------------- /bench/results/keccak/gnu/sha3512_evercrypt_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/sha3512_evercrypt_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_sha3512_evercrypt_compact_gcc_16384.csv" using 1:2 title 'EverCrypt' with lines, \ 9 | "../csv/crypto_hash_sha3512_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 10 | "../csv/crypto_hash_sha3512_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 11 | unset logscale x 12 | -------------------------------------------------------------------------------- /bench/bench: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Runs do-part inside supercop-$version for every non-empty, non-comment line of config/<name> (name read from config/work, or taken from $1 when one argument is given) and copies the resulting data files into data/. 3 | version=`cat config/version` 4 | bench=`cat config/work` 5 | 6 | if [ "$#" -eq 1 ]; then 7 | bench=$1 8 | fi 9 | # NOTE(review): the eval below expands every config line as shell, so any command substitution in config/$bench runs with the caller's privileges, and $1 is used unquoted in the path and may select a file outside config/; keep the config files repo-controlled and never pass an untrusted name as $1 10 | cat config/$bench | egrep -v "^$|^#" | while read implementation 11 | do 12 | implementation_expand=`eval echo -n $implementation` 13 | implementation_cut=`echo -n $implementation | cut -d' ' -f1-3` 14 | (cd supercop-$version && (./do-part $implementation_expand || true)) 15 | implementationid=`echo "$implementation_cut" | sed -e 's/\//_/g' -e 's/\ /_/g'`.data 16 | find supercop-$version/bench/ -name data -exec cp {} data/$implementationid \; 17 | done 18 | -------------------------------------------------------------------------------- /bench/results/keccak/gnu/shake128_evercrypt_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output
"../svg/shake128_evercrypt_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_shake128_evercrypt_compact_gcc_16384.csv" using 1:2 title 'EverCrypt' with lines, \ 9 | "../csv/crypto_hash_shake128_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 10 | "../csv/crypto_hash_shake128_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 11 | unset logscale x 12 | -------------------------------------------------------------------------------- /bench/results/keccak/gnu/shake256_evercrypt_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte (logscale)" 6 | 7 | set output "../svg/shake256_evercrypt_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_shake256_evercrypt_compact_gcc_16384.csv" using 1:2 title 'EverCrypt' with lines, \ 9 | "../csv/crypto_hash_shake256_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 10 | "../csv/crypto_hash_shake256_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 11 | 12 | unset logscale x 13 | 14 | -------------------------------------------------------------------------------- /bench/config/keccak-openssl: -------------------------------------------------------------------------------- 1 | crypto_hash sha3224 openssl -L`pwd`/third_party_shared_libs/openssl_shared/lib/ -l:libcrypto.so.1.1 2 | crypto_hash sha3256 openssl -L`pwd`/third_party_shared_libs/openssl_shared/lib/ -l:libcrypto.so.1.1 3 | crypto_hash sha3384 openssl -L`pwd`/third_party_shared_libs/openssl_shared/lib/ -l:libcrypto.so.1.1 4 | crypto_hash sha3512 openssl -L`pwd`/third_party_shared_libs/openssl_shared/lib/ -l:libcrypto.so.1.1 5 | crypto_hash shake128 openssl -L`pwd`/third_party_shared_libs/openssl_shared/lib/ -l:libcrypto.so.1.1 6 | crypto_hash shake256 openssl -L`pwd`/third_party_shared_libs/openssl_shared/lib/ 
-l:libcrypto.so.1.1 7 | -------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_jazz_ref_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 12 | \ 13 | "../csv/crypto_stream_chacha20_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 14 | \ 15 | "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 16 | 17 | unset logscale x 18 | 19 | -------------------------------------------------------------------------------- /bench/results/poly1305/gnu/poly1305_libjc_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/poly1305_libjc_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_onetimeauth_poly1305_jazz_ref3_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 12 | \ 13 | "../csv/crypto_onetimeauth_poly1305_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 14 | \ 15 | "../csv/crypto_onetimeauth_poly1305_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 16 | 17 | unset logscale x 18 | 19 | -------------------------------------------------------------------------------- /bench/config/curve25519: -------------------------------------------------------------------------------- 1 | crypto_scalarmult curve25519 amd64-51 2 | crypto_scalarmult curve25519 amd64-64 3 | crypto_scalarmult curve25519 donna_c64 4 | 
crypto_scalarmult curve25519 sandy2x 5 | crypto_scalarmult curve25519 openssl/static 6 | crypto_scalarmult curve25519 openssl/static_no_asm 7 | crypto_scalarmult curve25519 boringssl/static -lpthread 8 | crypto_scalarmult curve25519 hacl_star/gcc 9 | crypto_scalarmult curve25519 hacl_star/ccomp 10 | crypto_scalarmult curve25519 fiat-crypto/C64 11 | crypto_scalarmult curve25519 jazz/ref4 12 | crypto_scalarmult curve25519 jazz/mulx 13 | crypto_scalarmult curve25519 evercrypt/compact_gcc `pwd`/third_party_static_libs/libkremlib.a 14 | -------------------------------------------------------------------------------- /bench/config/keccak-openssl-no-asm: -------------------------------------------------------------------------------- 1 | crypto_hash sha3224 openssl -L`pwd`/third_party_shared_libs/openssl_shared_no_asm/lib/ -l:libcrypto.so.1.1 2 | crypto_hash sha3256 openssl -L`pwd`/third_party_shared_libs/openssl_shared_no_asm/lib/ -l:libcrypto.so.1.1 3 | crypto_hash sha3384 openssl -L`pwd`/third_party_shared_libs/openssl_shared_no_asm/lib/ -l:libcrypto.so.1.1 4 | crypto_hash sha3512 openssl -L`pwd`/third_party_shared_libs/openssl_shared_no_asm/lib/ -l:libcrypto.so.1.1 5 | crypto_hash shake128 openssl -L`pwd`/third_party_shared_libs/openssl_shared_no_asm/lib/ -l:libcrypto.so.1.1 6 | crypto_hash shake256 openssl -L`pwd`/third_party_shared_libs/openssl_shared_no_asm/lib/ -l:libcrypto.so.1.1 7 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/openssl/static/curve25519_openssl.c: -------------------------------------------------------------------------------- 1 | #include "crypto_scalarmult.h" 2 | 3 | extern int openssl_static_X25519( 4 | unsigned char *q, 5 | const unsigned char *n, 6 | const unsigned char *p 7 | ); 8 | 9 | static const unsigned char basepoint[32] = {9}; 10 | 11 | int crypto_scalarmult( 12 | unsigned char *q, 13 | const unsigned char *n, 14 | const unsigned char *p 15 | ) 16 | { 17 
| int r; 18 | r = openssl_static_X25519(q,n,p); 19 | return 0; 20 | } 21 | 22 | /* Multiplies the base point by scalar n through crypto_scalarmult and writes the result to q; r is assigned but never read, and the function always returns 0. */ int crypto_scalarmult_base( 23 | unsigned char *q, 24 | const unsigned char *n 25 | ) 26 | { 27 | int r; 28 | r = crypto_scalarmult(q,n,basepoint); 29 | return 0; 30 | } 31 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/boringssl/static/curve25519_openssl.c: -------------------------------------------------------------------------------- 1 | #include "crypto_scalarmult.h" 2 | 3 | extern int boringssl_static_X25519( 4 | unsigned char *q, 5 | const unsigned char *n, 6 | const unsigned char *p 7 | ); 8 | 9 | /* First byte is 9 and the remaining 31 bytes are zero-initialised: the little-endian u-coordinate of the Curve25519 base point. */ static const unsigned char basepoint[32] = {9}; 10 | 11 | /* crypto_scalarmult binding: forwards q, n, p unchanged to boringssl_static_X25519 (presumably q = n * p with n the scalar) and always returns 0. NOTE(review): r is assigned and never read, so a failure status is hidden from the caller; OpenSSL's and BoringSSL's X25519 return 0 when the computed secret is all zeros (a low-order peer point) -- confirm for this renamed symbol, then propagate it with `return r == 1 ? 0 : -1;`. The sibling curve25519 bindings in this tree discard r the same way. */ int crypto_scalarmult( 12 | unsigned char *q, 13 | const unsigned char *n, 14 | const unsigned char *p 15 | ) 16 | { 17 | int r; 18 | r = boringssl_static_X25519(q,n,p); 19 | return 0; 20 | } 21 | 22 | /* Multiplies the base point by scalar n through crypto_scalarmult and writes the result to q; r is assigned but never read, and the function always returns 0. */ int crypto_scalarmult_base( 23 | unsigned char *q, 24 | const unsigned char *n 25 | ) 26 | { 27 | int r; 28 | r = crypto_scalarmult(q,n,basepoint); 29 | return 0; 30 | } 31 | -------------------------------------------------------------------------------- /bench/config/keccak-openssl-avx2: -------------------------------------------------------------------------------- 1 | crypto_hash sha3224 openssl -L`pwd`/third_party_shared_libs/openssl_shared_keccak_avx2/lib/ -l:libcrypto.so.1.1 2 | crypto_hash sha3256 openssl -L`pwd`/third_party_shared_libs/openssl_shared_keccak_avx2/lib/ -l:libcrypto.so.1.1 3 | crypto_hash sha3384 openssl -L`pwd`/third_party_shared_libs/openssl_shared_keccak_avx2/lib/ -l:libcrypto.so.1.1 4 | crypto_hash sha3512 openssl -L`pwd`/third_party_shared_libs/openssl_shared_keccak_avx2/lib/ -l:libcrypto.so.1.1 5 | crypto_hash shake128 openssl -L`pwd`/third_party_shared_libs/openssl_shared_keccak_avx2/lib/ -l:libcrypto.so.1.1 6 | crypto_hash shake256 openssl -L`pwd`/third_party_shared_libs/openssl_shared_keccak_avx2/lib/
-l:libcrypto.so.1.1 7 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/openssl/static_no_asm/curve25519_openssl.c: -------------------------------------------------------------------------------- 1 | #include "crypto_scalarmult.h" 2 | 3 | extern int openssl_static_no_asm_X25519( 4 | unsigned char *q, 5 | const unsigned char *n, 6 | const unsigned char *p 7 | ); 8 | 9 | static const unsigned char basepoint[32] = {9}; 10 | 11 | int crypto_scalarmult( 12 | unsigned char *q, 13 | const unsigned char *n, 14 | const unsigned char *p 15 | ) 16 | { 17 | int r; 18 | r = openssl_static_no_asm_X25519(q,n,p); 19 | return 0; 20 | } 21 | 22 | int crypto_scalarmult_base( 23 | unsigned char *q, 24 | const unsigned char *n 25 | ) 26 | { 27 | int r; 28 | r = crypto_scalarmult(q,n,basepoint); 29 | return 0; 30 | } 31 | -------------------------------------------------------------------------------- /src/crypto_scalarmult/curve25519/mulx/x25519_tobytes.jazz: -------------------------------------------------------------------------------- 1 | #ifndef X25519_TOBYTES 2 | #define X25519_TOBYTES 3 | 4 | // implements openssl strategy : clever 5 | fn _fe64_tobytes(reg u64[4] f) -> reg u64[4] 6 | { 7 | reg bool cf; 8 | reg u64 t; 9 | 10 | t = f[3] + f[3]; 11 | f[3] = #SAR(f[3], 63); 12 | t >>= 1; 13 | f[3] &= 19; 14 | f[3] += 19; 15 | 16 | cf, f[0] += f[3]; 17 | cf, f[1] += 0 + cf; 18 | cf, f[2] += 0 + cf; 19 | cf, t += 0 + cf; 20 | 21 | f[3] = t + t; 22 | t = #SAR(t, 63); 23 | f[3] >>= 1; 24 | t = !t; 25 | t &= 19; 26 | 27 | cf, f[0] -= t; 28 | cf, f[1] -= 0 - cf; 29 | cf, f[2] -= 0 - cf; 30 | cf, f[3] -= 0 - cf; 31 | 32 | return f; 33 | } 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/hacl_star/ccomp/curve25519_hacl_star.c: -------------------------------------------------------------------------------- 1 | 
#include "crypto_scalarmult.h" 2 | 3 | extern int hacl_star_ccomp_Curve25519_crypto_scalarmult( 4 | unsigned char *q, 5 | const unsigned char *n, 6 | const unsigned char *p 7 | ); 8 | 9 | static const unsigned char basepoint[32] = {9}; 10 | 11 | int crypto_scalarmult( 12 | unsigned char *q, 13 | const unsigned char *n, 14 | const unsigned char *p 15 | ) 16 | { 17 | int r; 18 | r = hacl_star_ccomp_Curve25519_crypto_scalarmult(q,n,p); 19 | return 0; 20 | } 21 | 22 | int crypto_scalarmult_base( 23 | unsigned char *q, 24 | const unsigned char *n 25 | ) 26 | { 27 | int r; 28 | r = crypto_scalarmult(q,n,basepoint); 29 | return 0; 30 | } 31 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/hacl_star/gcc/curve25519_hacl_star.c: -------------------------------------------------------------------------------- 1 | #include "crypto_scalarmult.h" 2 | 3 | extern int hacl_star_gcc_Hacl_Curve25519_crypto_scalarmult( 4 | unsigned char *q, 5 | const unsigned char *n, 6 | const unsigned char *p 7 | ); 8 | 9 | static const unsigned char basepoint[32] = {9}; 10 | 11 | int crypto_scalarmult( 12 | unsigned char *q, 13 | const unsigned char *n, 14 | const unsigned char *p 15 | ) 16 | { 17 | int r; 18 | r = hacl_star_gcc_Hacl_Curve25519_crypto_scalarmult(q,n,p); 19 | return 0; 20 | } 21 | 22 | int crypto_scalarmult_base( 23 | unsigned char *q, 24 | const unsigned char *n 25 | ) 26 | { 27 | int r; 28 | r = crypto_scalarmult(q,n,basepoint); 29 | return 0; 30 | } 31 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/libsodium/static/curve25519_libsodium.c: -------------------------------------------------------------------------------- 1 | #include "crypto_scalarmult.h" 2 | 3 | extern int libsodium_static_crypto_scalarmult( 4 | unsigned char *q, 5 | const unsigned char *n, 6 | const unsigned char *p 7 | ); 8 | 9 | static const unsigned char 
basepoint[32] = {9}; 10 | 11 | int crypto_scalarmult( 12 | unsigned char *q, 13 | const unsigned char *n, 14 | const unsigned char *p 15 | ) 16 | { 17 | int r; 18 | unsigned char q_[32]; 19 | r = libsodium_static_crypto_scalarmult(q,n,p); 20 | return 0; 21 | } 22 | 23 | int crypto_scalarmult_base( 24 | unsigned char *q, 25 | const unsigned char *n 26 | ) 27 | { 28 | int r; 29 | r = crypto_scalarmult(q,n,basepoint); 30 | return 0; 31 | } 32 | -------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/fiat-crypto/C64/u51.c: -------------------------------------------------------------------------------- 1 | typedef uint8_t u8; 2 | typedef uint64_t u64; 3 | 4 | static force_inline u8 /*bool*/ _addcarryx_u51(u8 /*bool*/ c, u64 a, u64 b, u64 *low) 5 | { 6 | /* This function extracts 51 bits of result and 1 bit of carry (52 total), so 7 | *a 64-bit intermediate is sufficient. 8 | */ 9 | u64 x = a + b + c; 10 | *low = x & ((1ULL << 51) - 1); 11 | return (x >> 51) & 1; 12 | } 13 | 14 | static force_inline u8 /*bool*/ _subborrow_u51(u8 /*bool*/ c, u64 a, u64 b, u64 *low) 15 | { 16 | /* This function extracts 51 bits of result and 1 bit of borrow (52 total), so 17 | * a 64-bit intermediate is sufficient. 
18 | */ 19 | u64 x = a - b - c; 20 | *low = x & ((1ULL << 51) - 1); 21 | return x >> 63; 22 | } 23 | -------------------------------------------------------------------------------- /bench/results/poly1305/gnu/poly1305_libjc_vale_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte (logscale)" 6 | 7 | set output "../svg/poly1305_libjc_vale_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_onetimeauth_poly1305_vale_16384.csv" using 1:2 title 'Vale (Scalar) ' with lines, \ 12 | \ 13 | "../csv/crypto_onetimeauth_poly1305_jazz_ref3_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 14 | \ 15 | "../csv/crypto_onetimeauth_poly1305_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17 | "../csv/crypto_onetimeauth_poly1305_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 18 | 19 | unset logscale x 20 | -------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_libsodium_static_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_libsodium_static_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_jazz_ref_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 12 | \ 13 | "../csv/crypto_stream_chacha20_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 14 | \ 15 | "../csv/crypto_stream_chacha20_libsodium_static_16384.csv" using 1:2 title 'Libsodium (AVX2)' with lines, \ 16 | \ 17 | "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 
18 | 19 | unset logscale x 20 | -------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_supercop_v2_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_supercop_v2_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_krovetz_vec128_16384.csv" using 1:2 title 'krovetz/vec128/' with lines, \ 12 | \ 13 | "../csv/crypto_stream_chacha20_krovetz_avx2_16384.csv" using 1:2 title 'krovetz/avx2/' with lines, \ 14 | \ 15 | "../csv/crypto_stream_chacha20_goll_gueron_16384.csv" using 1:2 title 'goll\_gueron/' with lines, \ 16 | \ 17 | "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 18 | 19 | unset logscale x 20 | 21 | -------------------------------------------------------------------------------- /bench/results/poly1305/gnu/poly1305_libjc_hacl_star_gcc_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/poly1305_libjc_hacl_star_gcc_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_onetimeauth_poly1305_hacl_star_gcc_16384.csv" using 1:2 title 'HACL* (Scalar)' with lines, \ 12 | \ 13 | "../csv/crypto_onetimeauth_poly1305_jazz_ref3_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 14 | \ 15 | "../csv/crypto_onetimeauth_poly1305_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17 | "../csv/crypto_onetimeauth_poly1305_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 18 | 19 | unset logscale x 20 | 
-------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_hacl_star_compcert_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_hacl_star_compcert_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_hacl_star_compcert_16384.csv" using 1:2 title 'HACL* (Scalar) ' with lines, \ 12 | \ 13 | "../csv/crypto_stream_chacha20_jazz_ref_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 14 | \ 15 | "../csv/crypto_stream_chacha20_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17 | "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 18 | 19 | unset logscale x 20 | -------------------------------------------------------------------------------- /bench/config/jazz: -------------------------------------------------------------------------------- 1 | crypto_stream chacha20 jazz/ref 2 | crypto_stream chacha20 jazz/avx 3 | crypto_stream chacha20 jazz/avx2 4 | 5 | crypto_onetimeauth poly1305 jazz/ref3 6 | crypto_onetimeauth poly1305 jazz/avx 7 | crypto_onetimeauth poly1305 jazz/avx2 8 | 9 | crypto_hash sha3224 jazz/scalar 10 | crypto_hash sha3224 jazz/avx2 11 | 12 | crypto_hash sha3256 jazz/scalar 13 | crypto_hash sha3256 jazz/avx2 14 | 15 | crypto_hash sha3384 jazz/scalar 16 | crypto_hash sha3384 jazz/avx2 17 | 18 | crypto_hash sha3512 jazz/scalar 19 | crypto_hash sha3512 jazz/avx2 20 | 21 | crypto_hash shake128 jazz/scalar 22 | crypto_hash shake128 jazz/avx2 23 | 24 | crypto_hash shake256 jazz/scalar 25 | crypto_hash shake256 jazz/avx2 26 | 27 | crypto_scalarmult curve25519 jazz/ref4 28 | crypto_scalarmult curve25519 jazz/mulx 29 | 
-------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_openssl_static_no_asm_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_openssl_static_no_asm_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_openssl_static_no_asm_16384.csv" using 1:2 title 'OpenSSL (Scalar)' with lines, \ 12 | "../csv/crypto_stream_chacha20_jazz_ref_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 13 | \ 14 | "../csv/crypto_stream_chacha20_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 15 | \ 16 | "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 17 | 18 | unset logscale x 19 | 20 | -------------------------------------------------------------------------------- /bench/results/keccak/gnu/sha3224_openssl_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/sha3224_openssl_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_sha3224_openssl_no_asm_16384.csv" using 1:2 title 'OpenSSL (no-asm)' with lines, \ 9 | "../csv/crypto_hash_sha3224_openssl_scalar_16384.csv" using 1:2 title 'OpenSSL (Scalar)' with lines, \ 10 | "../csv/crypto_hash_sha3224_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 11 | "../csv/crypto_hash_sha3224_openssl_avx2_16384.csv" using 1:2 title 'OpenSSL (AVX2)' with lines, \ 12 | "../csv/crypto_hash_sha3224_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 13 | unset logscale x 14 | 
-------------------------------------------------------------------------------- /bench/results/keccak/gnu/sha3256_openssl_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/sha3256_openssl_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_sha3256_openssl_no_asm_16384.csv" using 1:2 title 'OpenSSL (no-asm)' with lines, \ 9 | "../csv/crypto_hash_sha3256_openssl_scalar_16384.csv" using 1:2 title 'OpenSSL (Scalar)' with lines, \ 10 | "../csv/crypto_hash_sha3256_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 11 | "../csv/crypto_hash_sha3256_openssl_avx2_16384.csv" using 1:2 title 'OpenSSL (AVX2)' with lines, \ 12 | "../csv/crypto_hash_sha3256_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 13 | unset logscale x 14 | -------------------------------------------------------------------------------- /bench/results/keccak/gnu/sha3384_openssl_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/sha3384_openssl_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_sha3384_openssl_no_asm_16384.csv" using 1:2 title 'OpenSSL (no-asm)' with lines, \ 9 | "../csv/crypto_hash_sha3384_openssl_scalar_16384.csv" using 1:2 title 'OpenSSL (Scalar)' with lines, \ 10 | "../csv/crypto_hash_sha3384_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 11 | "../csv/crypto_hash_sha3384_openssl_avx2_16384.csv" using 1:2 title 'OpenSSL (AVX2)' with lines, \ 12 | "../csv/crypto_hash_sha3384_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 13 | unset logscale x 14 | 
-------------------------------------------------------------------------------- /bench/results/keccak/gnu/sha3512_openssl_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/sha3512_openssl_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_sha3512_openssl_no_asm_16384.csv" using 1:2 title 'OpenSSL (no-asm)' with lines, \ 9 | "../csv/crypto_hash_sha3512_openssl_scalar_16384.csv" using 1:2 title 'OpenSSL (Scalar)' with lines, \ 10 | "../csv/crypto_hash_sha3512_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 11 | "../csv/crypto_hash_sha3512_openssl_avx2_16384.csv" using 1:2 title 'OpenSSL (AVX2)' with lines, \ 12 | "../csv/crypto_hash_sha3512_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 13 | unset logscale x 14 | -------------------------------------------------------------------------------- /bench/results/poly1305/gnu/poly1305_libjc_libsodium_static_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/poly1305_libjc_libsodium_static_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_onetimeauth_poly1305_libsodium_static_16384.csv" using 1:2 title 'Libsodium (AVX2)' with lines, \ 12 | \ 13 | "../csv/crypto_onetimeauth_poly1305_jazz_ref3_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 14 | \ 15 | "../csv/crypto_onetimeauth_poly1305_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17 | "../csv/crypto_onetimeauth_poly1305_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 18 | 19 | unset logscale x 20 | 
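-------------------------------------------------------------------------------- /bench/bindings/crypto_scalarmult/curve25519/jazz/curve25519_jazz.c: --------------------------------------------------------------------------------
#include <string.h> /* memcpy; header name restored, it is missing from the listing */
#include "crypto_scalarmult.h"
#include "impl.h"

/*
 * Scalar-multiplication routine defined outside this file.
 * It is called below as curve25519_impl(q, n, p) with 32-byte n and p buffers.
 */
extern int curve25519_impl(
  unsigned char *q,
  const unsigned char *n,
  const unsigned char *p
);

/* 32-byte constant: first byte 9, all remaining bytes zero. */
static const unsigned char basepoint[32] = {9};

/*
 * crypto_scalarmult: run curve25519_impl on private copies of n and p.
 *
 *   q  output buffer, written by curve25519_impl (size not visible here)
 *   n  scalar (normally a private key); 32 bytes are read
 *   p  point; 32 bytes are read
 *
 * Always returns 0. The status returned by curve25519_impl is discarded, so
 * a caller cannot learn of a failure from this wrapper and has to inspect q
 * itself if it needs to reject a degenerate (for example all-zero) result.
 *
 * NOTE(review): scalar_copy holds the caller's scalar and is left on the
 * stack when the function returns. Outside a benchmark it should be wiped
 * with a clearing primitive the compiler cannot elide.
 * NOTE(review): the copies presumably exist because the implementation may
 * write to its inputs -- confirm against curve25519_impl.
 */
int crypto_scalarmult(
  unsigned char *q,
  const unsigned char *n,
  const unsigned char *p
)
{
  unsigned char scalar_copy[32];
  unsigned char point_copy[32];

  memcpy(scalar_copy, n, sizeof scalar_copy);
  memcpy(point_copy, p, sizeof point_copy);
  (void)curve25519_impl(q, scalar_copy, point_copy);
  return 0;
}

/*
 * crypto_scalarmult_base: crypto_scalarmult with the fixed basepoint
 * constant as the point argument. Always returns 0.
 */
int crypto_scalarmult_base(
  unsigned char *q,
  const unsigned char *n
)
{
  (void)crypto_scalarmult(q, n, basepoint);
  return 0;
}
-------------------------------------------------------------------------------- /bench/results/keccak/gnu/shake128_openssl_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/shake128_openssl_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_shake128_openssl_no_asm_16384.csv" using 1:2 title 'OpenSSL (no-asm)' with lines, \ 9 | "../csv/crypto_hash_shake128_openssl_scalar_16384.csv" using 1:2 title 'OpenSSL (Scalar)' with lines, \ 10 | "../csv/crypto_hash_shake128_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 11 | "../csv/crypto_hash_shake128_openssl_avx2_16384.csv" using 1:2 title 'OpenSSL (AVX2)' with lines, \ 12 | "../csv/crypto_hash_shake128_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 13 | unset logscale x 14 |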
-------------------------------------------------------------------------------- /bench/results/poly1305/gnu/poly1305_libjc_openssl_static_no_asm_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/poly1305_libjc_openssl_static_no_asm_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_onetimeauth_poly1305_openssl_static_no_asm_16384.csv" using 1:2 title 'OpenSSL (Scalar)' with lines, \ 12 | "../csv/crypto_onetimeauth_poly1305_jazz_ref3_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 13 | \ 14 | "../csv/crypto_onetimeauth_poly1305_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 15 | \ 16 | "../csv/crypto_onetimeauth_poly1305_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 17 | 18 | unset logscale x 19 | 20 | -------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_libsodium_static_disable_asm_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_libsodium_static_disable_asm_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_libsodium_static_disable_asm_16384.csv" using 1:2 title 'Libsodium (Scalar)' with lines, \ 12 | \ 13 | "../csv/crypto_stream_chacha20_jazz_ref_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 14 | \ 15 | "../csv/crypto_stream_chacha20_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17 | "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 18 | 19 | unset 
logscale x 20 | -------------------------------------------------------------------------------- /bench/results/keccak/gnu/shake256_openssl_cycles__128_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte (logscale)" 6 | 7 | set output "../svg/shake256_openssl_cycles_128_16384.svg" 8 | plot "../csv/crypto_hash_shake256_openssl_no_asm_16384.csv" using 1:2 title 'OpenSSL (no-asm)' with lines, \ 9 | "../csv/crypto_hash_shake256_openssl_scalar_16384.csv" using 1:2 title 'OpenSSL (Scalar)' with lines, \ 10 | "../csv/crypto_hash_shake256_jazz_scalar_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 11 | "../csv/crypto_hash_shake256_openssl_avx2_16384.csv" using 1:2 title 'OpenSSL (AVX2)' with lines, \ 12 | "../csv/crypto_hash_shake256_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 13 | 14 | unset logscale x 15 | 16 | -------------------------------------------------------------------------------- /bench/results/poly1305/gnu/poly1305_libjc_libsodium_static_disable_asm_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/poly1305_libjc_libsodium_static_disable_asm_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_onetimeauth_poly1305_libsodium_static_disable_asm_16384.csv" using 1:2 title 'Libsodium (Scalar)' with lines, \ 12 | \ 13 | "../csv/crypto_onetimeauth_poly1305_jazz_ref3_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 14 | \ 15 | "../csv/crypto_onetimeauth_poly1305_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17 | "../csv/crypto_onetimeauth_poly1305_jazz_avx2_16384.csv" using 1:2 title 
'Jasmin (AVX2)' with lines 18 | 19 | unset logscale x 20 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/jazz/auth_jazz.c: --------------------------------------------------------------------------------
#include "crypto_verify_16.h"
#include "crypto_onetimeauth.h"
#include "impl.h"

/* Poly1305 routine defined outside this file. */
extern void poly1305_impl(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *k
);

/*
 * crypto_onetimeauth: forward all four arguments to poly1305_impl.
 *
 *   out    receives the authenticator (the verify path below uses 16 bytes)
 *   in     message of inlen bytes
 *   k      key; Poly1305 is a one-time authenticator, so a key must not be
 *          reused for a second message
 *
 * Always returns 0.
 */
int crypto_onetimeauth(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *k
)
{
  poly1305_impl(out, in, inlen, k);
  return 0;
}

/*
 * crypto_onetimeauth_verify: recompute the authenticator for (in, inlen, k)
 * into a 16-byte stack buffer and compare it with h.
 *
 * Returns whatever crypto_verify_16 returns for the two 16-byte values.
 *
 * NOTE(review): the comparison is delegated to crypto_verify_16 (declared in
 * crypto_verify_16.h, not shown); presumably that is a constant-time
 * comparison -- confirm, and do not substitute memcmp for it.
 */
int crypto_onetimeauth_verify(
  const unsigned char *h,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *k
)
{
  unsigned char expected[16];

  (void)crypto_onetimeauth(expected, in, inlen, k);
  return crypto_verify_16(h, expected);
}
-------------------------------------------------------------------------------- /bench/config/poly1305: -------------------------------------------------------------------------------- 1 | crypto_onetimeauth poly1305 jazz/ref3 2 | crypto_onetimeauth poly1305 jazz/avx 3 | crypto_onetimeauth poly1305 jazz/avx2 4 | 5 | crypto_onetimeauth poly1305 hacl_star/gcc 6 | crypto_onetimeauth poly1305 hacl_star/ccomp 7 | 8 | crypto_onetimeauth poly1305 openssl/static 9 | crypto_onetimeauth poly1305 openssl/static_no_asm 10 | 11 | crypto_onetimeauth poly1305 libsodium/static 12 | crypto_onetimeauth poly1305 libsodium/static_disable_asm 13 | crypto_onetimeauth poly1305 libsodium/static_disable_asm_ccomp 14 | 15 | crypto_onetimeauth poly1305 vale 16 | 17 | ## and some supercop implementations 18 | crypto_onetimeauth poly1305 ref 19 | crypto_onetimeauth poly1305 53 20 | crypto_onetimeauth poly1305 amd64 21 | crypto_onetimeauth poly1305 avx 22 |
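#crypto_onetimeauth poly1305 moon/avx/64 23 | #crypto_onetimeauth poly1305 moon/avx2/64 24 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/openssl/static/chacha20_openssl.c: --------------------------------------------------------------------------------
#include "crypto_stream.h"
#include <string.h> /* memset, memcpy; header name restored, it is missing from the listing */

/*
 * crypto_stream: zero out[0..outlen) and run the cipher over it in place
 * (the same buffer is passed as output and input).
 *
 *   out     output buffer of outlen bytes
 *   n       nonce; 8 bytes are read
 *   k       key, passed through unchanged (length not visible here)
 *
 * Always returns 0.
 *
 * The 16-byte block handed to the cipher has bytes 0..7 zero and bytes
 * 8..15 copied from n.
 * NOTE(review): presumably this is OpenSSL's ChaCha20_ctr32 under a build
 * prefix, which reads that block as a 32-bit block counter followed by a
 * 96-bit nonce -- confirm against the prototype, which is not declared in
 * this file.
 * NOTE(review): the counter and nonce prefix are fixed, so keystream
 * uniqueness rests entirely on the caller never repeating a (k, n) pair.
 */
int crypto_stream(
  unsigned char *out,
  unsigned long long outlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[16];

  memset(out, 0, outlen);
  memset(nonce, 0, 8);
  memcpy(nonce + 8, n, 8);
  openssl_static_ChaCha20_ctr32(out, out, outlen, k, nonce);
  return 0;
}

/*
 * crypto_stream_xor: run the cipher over in[0..inlen) and write the result
 * to out, using the same 16-byte block layout as crypto_stream
 * (bytes 0..7 zero, bytes 8..15 copied from n). Always returns 0.
 *
 * NOTE(review): nothing here bounds inlen; if the callee's block counter is
 * 32 bits wide, very long inputs need handling by the caller -- verify.
 */
int crypto_stream_xor(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[16];

  memset(nonce, 0, 8);
  memcpy(nonce + 8, n, 8);
  openssl_static_ChaCha20_ctr32(out, in, inlen, k, nonce);
  return 0;
}
-------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_libsodium_static_disable_asm_ccomp_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_libsodium_static_disable_asm_ccomp_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_libsodium_static_disable_asm_ccomp_16384.csv" using 1:2 title 'Libsodium (Scalar) - CompCert 3.6' with lines, \ 12 | \ 13 | "../csv/crypto_stream_chacha20_jazz_ref_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 14 | \ 15 | "../csv/crypto_stream_chacha20_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17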
| "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 18 | 19 | unset logscale x 20 | -------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_usuba_static_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_usuba_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_usuba-std_16384.csv" using 1:2 title 'Usuba (Std)' with lines, \ 12 | "../csv/crypto_stream_chacha20_jazz_ref_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 13 | \ 14 | "../csv/crypto_stream_chacha20_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 15 | \ 16 | "../csv/crypto_stream_chacha20_usuba-avx-fast_16384.csv" using 1:2 title 'Usuba (AVX2)' with lines, \ 17 | "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 18 | 19 | unset logscale x 20 | 21 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/openssl/static/poly1305.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. 
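You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #define POLY1305_BLOCK_SIZE 16 13 | #define POLY1305_DIGEST_SIZE 16 14 | #define POLY1305_KEY_SIZE 32 15 | 16 | typedef struct poly1305_context POLY1305; 17 | 18 | size_t Poly1305_ctx_size(void); 19 | void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]); 20 | void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len); 21 | void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]); 22 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/hacl_star/ccomp/chacha20_hacl_star.c: --------------------------------------------------------------------------------
#include "crypto_stream.h"
#include <string.h> /* memset, memcpy; header name restored, it is missing from the listing */

/*
 * crypto_stream: zero out[0..outlen) and run the cipher over it in place
 * (the same buffer is passed as output and input).
 *
 *   out     output buffer of outlen bytes
 *   n       nonce; 8 bytes are read
 *   k       key, passed through unchanged (length not visible here)
 *
 * Always returns 0.
 *
 * The 12-byte nonce handed to the cipher has bytes 0..3 zero and bytes
 * 4..11 copied from n; the final argument is the constant 0.
 * NOTE(review): presumably that last argument is the initial block
 * counter -- confirm against the callee's prototype, not declared here.
 * NOTE(review): the nonce prefix and the trailing 0 are fixed, so keystream
 * uniqueness rests entirely on the caller never repeating a (k, n) pair.
 */
int crypto_stream(
  unsigned char *out,
  unsigned long long outlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  memset(out, 0, outlen);
  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  hacl_star_ccomp_Chacha20_chacha20(out, out, outlen, k, nonce, 0);
  return 0;
}

/*
 * crypto_stream_xor: run the cipher over in[0..inlen) and write the result
 * to out, with the same 12-byte nonce layout and trailing 0 as
 * crypto_stream. Always returns 0.
 */
int crypto_stream_xor(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  hacl_star_ccomp_Chacha20_chacha20(out, in, inlen, k, nonce, 0);
  return 0;
}
-------------------------------------------------------------------------------- /bench/results/poly1305/gnu/poly1305_libjc_libsodium_static_disable_asm_ccomp_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6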
| 7 | set output "../svg/poly1305_libjc_libsodium_static_disable_asm_ccomp_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_onetimeauth_poly1305_libsodium_static_disable_asm_ccomp_16384.csv" using 1:2 title 'Libsodium (Scalar) - CompCert 3.6' with lines, \ 12 | \ 13 | "../csv/crypto_onetimeauth_poly1305_jazz_ref3_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 14 | \ 15 | "../csv/crypto_onetimeauth_poly1305_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17 | "../csv/crypto_onetimeauth_poly1305_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 18 | 19 | unset logscale x 20 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/openssl/static_no_asm/poly1305.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. 
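You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #define POLY1305_BLOCK_SIZE 16 13 | #define POLY1305_DIGEST_SIZE 16 14 | #define POLY1305_KEY_SIZE 32 15 | 16 | typedef struct poly1305_context POLY1305; 17 | 18 | size_t Poly1305_ctx_size(void); 19 | void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]); 20 | void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len); 21 | void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]); 22 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/hacl_star/gcc/chacha20_hacl_star.c: --------------------------------------------------------------------------------
#include "crypto_stream.h"
#include <string.h> /* memset, memcpy; header name restored, it is missing from the listing */

/*
 * crypto_stream: zero out[0..outlen) and run the cipher over it in place
 * (the same buffer is passed as output and input).
 *
 *   out     output buffer of outlen bytes
 *   n       nonce; 8 bytes are read
 *   k       key, passed through unchanged (length not visible here)
 *
 * Always returns 0.
 *
 * The 12-byte nonce handed to the cipher has bytes 0..3 zero and bytes
 * 4..11 copied from n; the final argument is the constant 0.
 * NOTE(review): presumably that last argument is the initial block
 * counter -- confirm against the callee's prototype, not declared here.
 * NOTE(review): the nonce prefix and the trailing 0 are fixed, so keystream
 * uniqueness rests entirely on the caller never repeating a (k, n) pair.
 */
int crypto_stream(
  unsigned char *out,
  unsigned long long outlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  memset(out, 0, outlen);
  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  hacl_star_gcc_Hacl_Chacha20_chacha20(out, out, outlen, k, nonce, 0);
  return 0;
}

/*
 * crypto_stream_xor: run the cipher over in[0..inlen) and write the result
 * to out, with the same 12-byte nonce layout and trailing 0 as
 * crypto_stream. Always returns 0.
 */
int crypto_stream_xor(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  hacl_star_gcc_Hacl_Chacha20_chacha20(out, in, inlen, k, nonce, 0);
  return 0;
}
-------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/openssl/static_no_asm/chacha20_openssl.c: -------------------------------------------------------------------------------- 1 | #include "crypto_stream.h" 2 | #include 3 | 4 | int crypto_stream( 5 | unsigned char *out, 6 | unsigned long long outlen, 7 | const unsigned char *n, 8 | const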
unsigned char *k 9 | ) 10 | { 11 | unsigned char nonce[16]; 12 | memset(out, 0, outlen); 13 | memset(nonce, 0, 8); 14 | memcpy(nonce+8, n, 8); 15 | openssl_static_no_asm_ChaCha20_ctr32(out, out, outlen, k, nonce); 16 | return 0; 17 | } 18 | 19 | int crypto_stream_xor( 20 | unsigned char *out, 21 | const unsigned char *in, 22 | unsigned long long inlen, 23 | const unsigned char *n, 24 | const unsigned char *k 25 | ) 26 | { 27 | unsigned char nonce[16]; 28 | memset(nonce, 0, 8); 29 | memcpy(nonce+8, n, 8); 30 | openssl_static_no_asm_ChaCha20_ctr32(out, in, inlen, k, nonce); 31 | return 0; 32 | } 33 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/vale/auth_verify.c: --------------------------------------------------------------------------------
#include "crypto_verify_16.h"
#include "crypto_onetimeauth.h"
#include "poly1305.h"
#include "api.h"

/* Poly1305 routine defined outside this file; it operates on a ctxt. */
extern void poly1305(ctxt *ctx, const void *in, uint64_t inlen);

/*
 * crypto_onetimeauth: copy CRYPTO_KEYBYTES bytes of k to the address of
 * state.key_r0, run poly1305 over in[0..inlen), then copy CRYPTO_BYTES
 * bytes starting at state.h0 into out. Always returns 0.
 *
 * NOTE(review): both memcpy calls start at a single member and span
 * CRYPTO_KEYBYTES / CRYPTO_BYTES bytes, so they rely on the ctxt layout
 * (declared elsewhere) keeping the following words contiguous -- confirm
 * against the ctxt definition before changing that struct.
 * NOTE(review): apart from the key bytes, state is not initialised before
 * poly1305 runs; presumably the routine sets the accumulator itself --
 * confirm.
 * NOTE(review): state still holds key material on the stack after return;
 * outside a benchmark wipe it with a clearing primitive the compiler
 * cannot elide.
 */
int crypto_onetimeauth(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *k
)
{
  ctxt state;

  memcpy(&state.key_r0, k, CRYPTO_KEYBYTES);
  poly1305(&state, in, inlen);
  memcpy(out, &state.h0, CRYPTO_BYTES);
  return 0;
}

/*
 * crypto_onetimeauth_verify: recompute the authenticator for (in, inlen, k)
 * into a 16-byte stack buffer and compare it with h.
 *
 * Returns whatever crypto_verify_16 returns for the two 16-byte values.
 *
 * NOTE(review): presumably crypto_verify_16 is a constant-time comparison
 * -- confirm, and do not substitute memcmp for it.
 */
int crypto_onetimeauth_verify(
  const unsigned char *h,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *k
)
{
  unsigned char expected[16];

  (void)crypto_onetimeauth(expected, in, inlen, k);
  return crypto_verify_16(h, expected);
}
-------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_hacl_star_gcc_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in
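bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_hacl_star_gcc_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_hacl_star_gcc_16384.csv" using 1:2 title 'HACL* (Scalar)' with lines, \ 12 | \ 13 | "../csv/crypto_stream_chacha20_jazz_ref_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 14 | \ 15 | "../csv/crypto_stream_chacha20_hacl_star_gcc_vec_16384.csv" using 1:2 title 'HACL* (Vec128)' with lines, \ 16 | \ 17 | "../csv/crypto_stream_chacha20_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 18 | \ 19 | "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 20 | 21 | unset logscale x 22 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/hacl_star/gcc_vec/chacha20_hacl_star.c: --------------------------------------------------------------------------------
#include "crypto_stream.h"
#include <string.h> /* memset, memcpy; header name restored, it is missing from the listing */

/*
 * crypto_stream: zero out[0..outlen) and run the cipher over it in place
 * (the same buffer is passed as output and input).
 *
 *   out     output buffer of outlen bytes
 *   n       nonce; 8 bytes are read
 *   k       key, passed through unchanged (length not visible here)
 *
 * Always returns 0.
 *
 * The 12-byte nonce handed to the cipher has bytes 0..3 zero and bytes
 * 4..11 copied from n; the final argument is the constant 0.
 * NOTE(review): presumably that last argument is the initial block
 * counter -- confirm against the callee's prototype, not declared here.
 * NOTE(review): the nonce prefix and the trailing 0 are fixed, so keystream
 * uniqueness rests entirely on the caller never repeating a (k, n) pair.
 */
int crypto_stream(
  unsigned char *out,
  unsigned long long outlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  memset(out, 0, outlen);
  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  hacl_star_gcc_vec_Hacl_Chacha20_Vec128_chacha20(out, out, outlen, k, nonce, 0);
  return 0;
}

/*
 * crypto_stream_xor: run the cipher over in[0..inlen) and write the result
 * to out, with the same 12-byte nonce layout and trailing 0 as
 * crypto_stream. Always returns 0.
 */
int crypto_stream_xor(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  hacl_star_gcc_vec_Hacl_Chacha20_Vec128_chacha20(out, in, inlen, k, nonce, 0);
  return 0;
}
-------------------------------------------------------------------------------- /bench/results/poly1305/gnu/poly1305_libjc_hacl_star_compcert_cycles_32_16384.gnu: 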
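-------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | set logscale y 2 4 | set yrange [0.5:256] 5 | 6 | set xlabel "message length in bytes" 7 | set ylabel "cycles per byte (logscale)" 8 | 9 | set output "../svg/poly1305_libjc_hacl_star_compcert_cycles_32_16384.svg" 10 | 11 | plot \ 12 | \ 13 | "../csv/crypto_onetimeauth_poly1305_hacl_star_compcert_16384.csv" using 1:2 title 'HACL* (Scalar) ' with lines, \ 14 | \ 15 | "../csv/crypto_onetimeauth_poly1305_jazz_ref3_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 16 | \ 17 | "../csv/crypto_onetimeauth_poly1305_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 18 | \ 19 | "../csv/crypto_onetimeauth_poly1305_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 20 | 21 | unset logscale x 22 | unset logscale y 23 | unset yrange 24 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/libsodium/static/chacha20_libsodium.c: --------------------------------------------------------------------------------
#include "crypto_stream.h"
#include <string.h> /* memset, memcpy; header name restored, it is missing from the listing */

/*
 * crypto_stream: call the library initialiser, zero out[0..outlen), then
 * hand out to the library's stream function.
 *
 *   out     output buffer of outlen bytes
 *   n       nonce; 8 bytes are read
 *   k       key, passed through unchanged (length not visible here)
 *
 * Always returns 0; the results of the initialiser and of the stream
 * function are both discarded.
 *
 * The 12-byte nonce handed to the library has bytes 0..3 zero and bytes
 * 4..11 copied from n.
 * NOTE(review): presumably these are libsodium's sodium_init and
 * crypto_stream_chacha20_ietf under a build prefix; sodium_init reports
 * failure through its return value, which should be checked outside a
 * benchmark -- confirm.
 * NOTE(review): the nonce prefix is fixed, so keystream uniqueness rests
 * entirely on the caller never repeating a (k, n) pair.
 */
int crypto_stream(
  unsigned char *out,
  unsigned long long outlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  libsodium_static_sodium_init();
  memset(out, 0, outlen);
  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  libsodium_static_crypto_stream_chacha20_ietf(out, outlen, nonce, k);
  return 0;
}

/*
 * crypto_stream_xor: call the library initialiser, then run the library's
 * xor function over in[0..inlen) into out with the same 12-byte nonce
 * layout as crypto_stream. Always returns 0; callee results are discarded.
 */
int crypto_stream_xor(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  libsodium_static_sodium_init();
  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  libsodium_static_crypto_stream_chacha20_ietf_xor(out, in, inlen, nonce, k);
  return 0;
}
-------------------------------------------------------------------------------- /bench/results/poly1305/gnu/poly1305_libjc_supercop_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/poly1305_libjc_supercop_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_onetimeauth_poly1305_amd64_16384.csv" using 1:2 title 'amd64' with lines, \ 12 | "../csv/crypto_onetimeauth_poly1305_jazz_ref3_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 13 | \ 14 | "../csv/crypto_onetimeauth_poly1305_moon_avx_64_16384.csv" using 1:2 title 'moon/avx/64' with lines, \ 15 | "../csv/crypto_onetimeauth_poly1305_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17 | "../csv/crypto_onetimeauth_poly1305_moon_avx2_64_16384.csv" using 1:2 title 'moon/avx2/64' with lines, \ 18 | "../csv/crypto_onetimeauth_poly1305_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 19 | 20 | unset logscale x 21 | 22 | -------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_openssl_static_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_openssl_static_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_openssl_static_ref_16384.csv" using 1:2 title 'OpenSSL (Scalar)' with lines, \ 12 | "../csv/crypto_stream_chacha20_jazz_ref_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 13 | \ 14 | "../csv/crypto_stream_chacha20_openssl_static_avx_16384.csv" using 1:2 title 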
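'OpenSSL (AVX)' with lines, \ 15 | "../csv/crypto_stream_chacha20_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17 | "../csv/crypto_stream_chacha20_openssl_static_avx2_16384.csv" using 1:2 title 'OpenSSL (AVX2)' with lines, \ 18 | "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 19 | 20 | unset logscale x 21 | 22 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/libsodium/static_disable_asm/chacha20_libsodium.c: --------------------------------------------------------------------------------
#include "crypto_stream.h"
#include <string.h> /* memset, memcpy; header name restored, it is missing from the listing */

/*
 * crypto_stream: call the library initialiser, zero out[0..outlen), then
 * hand out to the library's stream function.
 *
 *   out     output buffer of outlen bytes
 *   n       nonce; 8 bytes are read
 *   k       key, passed through unchanged (length not visible here)
 *
 * Always returns 0; the results of the initialiser and of the stream
 * function are both discarded.
 *
 * The 12-byte nonce handed to the library has bytes 0..3 zero and bytes
 * 4..11 copied from n.
 * NOTE(review): presumably these are libsodium's sodium_init and
 * crypto_stream_chacha20_ietf under a build prefix; sodium_init reports
 * failure through its return value, which should be checked outside a
 * benchmark -- confirm.
 * NOTE(review): the nonce prefix is fixed, so keystream uniqueness rests
 * entirely on the caller never repeating a (k, n) pair.
 */
int crypto_stream(
  unsigned char *out,
  unsigned long long outlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  libsodium_static_disable_asm_sodium_init();
  memset(out, 0, outlen);
  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  libsodium_static_disable_asm_crypto_stream_chacha20_ietf(out, outlen, nonce, k);
  return 0;
}

/*
 * crypto_stream_xor: call the library initialiser, then run the library's
 * xor function over in[0..inlen) into out with the same 12-byte nonce
 * layout as crypto_stream. Always returns 0; callee results are discarded.
 */
int crypto_stream_xor(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  libsodium_static_disable_asm_sodium_init();
  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  libsodium_static_disable_asm_crypto_stream_chacha20_ietf_xor(out, in, inlen, nonce, k);
  return 0;
}
-------------------------------------------------------------------------------- /bench/results/poly1305/gnu/poly1305_libjc_openssl_static_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output 
"../svg/poly1305_libjc_openssl_static_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_onetimeauth_poly1305_openssl_static_ref_16384.csv" using 1:2 title 'OpenSSL (Scalar)' with lines, \ 12 | "../csv/crypto_onetimeauth_poly1305_jazz_ref3_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 13 | \ 14 | "../csv/crypto_onetimeauth_poly1305_openssl_static_avx_16384.csv" using 1:2 title 'OpenSSL (AVX)' with lines, \ 15 | "../csv/crypto_onetimeauth_poly1305_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 16 | \ 17 | "../csv/crypto_onetimeauth_poly1305_openssl_static_avx2_16384.csv" using 1:2 title 'OpenSSL (AVX2)' with lines, \ 18 | "../csv/crypto_onetimeauth_poly1305_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 19 | 20 | unset logscale x 21 | 22 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/libsodium/static_disable_asm_ccomp/chacha20_libsodium.c: --------------------------------------------------------------------------------
#include "crypto_stream.h"
#include <string.h> /* memset, memcpy; header name restored, it is missing from the listing */

/*
 * crypto_stream: same wrapper as the static_disable_asm binding, calling
 * the library symbols that carry the static_disable_asm_ccomp prefix.
 * Zeroes out[0..outlen), builds the 12-byte nonce (bytes 0..3 zero,
 * bytes 4..11 copied from n) and always returns 0; callee results are
 * discarded.
 */
int crypto_stream(
  unsigned char *out,
  unsigned long long outlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  libsodium_static_disable_asm_ccomp_sodium_init();
  memset(out, 0, outlen);
  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  libsodium_static_disable_asm_ccomp_crypto_stream_chacha20_ietf(out, outlen, nonce, k);
  return 0;
}

/*
 * crypto_stream_xor: call the library initialiser, then run the library's
 * xor function over in[0..inlen) into out with the same 12-byte nonce
 * layout as crypto_stream. Always returns 0; callee results are discarded.
 */
int crypto_stream_xor(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  libsodium_static_disable_asm_ccomp_sodium_init();
  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  libsodium_static_disable_asm_ccomp_crypto_stream_chacha20_ietf_xor(out, in, inlen, nonce, k);
  return 0;
}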
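36 | -------------------------------------------------------------------------------- /bench/results/chacha20/gnu/chacha20_libjc_supercop_xor_cycles_32_16384.gnu: -------------------------------------------------------------------------------- 1 | set term svg enhanced background rgb 'white' 2 | set logscale x 2 3 | 4 | set xlabel "message length in bytes" 5 | set ylabel "cycles per byte" 6 | 7 | set output "../svg/chacha20_libjc_supercop_xor_cycles_32_16384.svg" 8 | 9 | plot \ 10 | \ 11 | "../csv/crypto_stream_chacha20_e_ref_16384.csv" using 1:2 title 'e/ref' with lines, \ 12 | \ 13 | "../csv/crypto_stream_chacha20_e_amd64-3_16384.csv" using 1:2 title 'e/amd64-3' with lines, \ 14 | "../csv/crypto_stream_chacha20_jazz_ref_16384.csv" using 1:2 title 'Jasmin (Scalar)' with lines, \ 15 | \ 16 | "../csv/crypto_stream_chacha20_moon_avx_64_16384.csv" using 1:2 title 'moon/avx/64' with lines, \ 17 | "../csv/crypto_stream_chacha20_jazz_avx_16384.csv" using 1:2 title 'Jasmin (AVX)' with lines, \ 18 | \ 19 | "../csv/crypto_stream_chacha20_moon_avx2_64_16384.csv" using 1:2 title 'moon/avx2/64' with lines, \ 20 | "../csv/crypto_stream_chacha20_jazz_avx2_16384.csv" using 1:2 title 'Jasmin (AVX2)' with lines 21 | 22 | unset logscale x 23 | 24 | -------------------------------------------------------------------------------- /bench/bindings/crypto_stream/chacha20/jazz/chacha20_jazz.c: --------------------------------------------------------------------------------
#include "crypto_stream.h"
#include "impl.h"
#include <string.h> /* memset, memcpy; header name restored, it is missing from the listing */
/* NOTE(review): the listing shows a second system #include whose header
 * name is also missing; restore it from the repository. */

/* ChaCha20 routine defined outside this file; the last parameter is the
 * counter value, passed as 0 by both wrappers below. */
extern void chacha20_impl(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *k,
  const unsigned char *n,
  unsigned int counter
);

/*
 * crypto_stream: zero out[0..outlen) and run chacha20_impl over it in place
 * (the same buffer is passed as output and input) with counter 0.
 *
 *   out     output buffer of outlen bytes
 *   n       nonce; 8 bytes are read
 *   k       key, passed through unchanged (length not visible here)
 *
 * Always returns 0.
 *
 * The 12-byte nonce handed to chacha20_impl has bytes 0..3 zero and bytes
 * 4..11 copied from n.
 * NOTE(review): the nonce prefix and the counter are fixed, so keystream
 * uniqueness rests entirely on the caller never repeating a (k, n) pair.
 * NOTE(review): counter is an unsigned int; nothing here bounds outlen, so
 * behaviour for inputs long enough to exhaust the counter depends on
 * chacha20_impl -- verify.
 */
int crypto_stream(
  unsigned char *out,
  unsigned long long outlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  memset(out, 0, outlen);
  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  chacha20_impl(out, out, outlen, k, nonce, 0);
  return 0;
}

/*
 * crypto_stream_xor: run chacha20_impl over in[0..inlen) into out with the
 * same 12-byte nonce layout as crypto_stream and counter 0.
 * Always returns 0.
 */
int crypto_stream_xor(
  unsigned char *out,
  const unsigned char *in,
  unsigned long long inlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char nonce[12];

  memset(nonce, 0, 4);
  memcpy(nonce + 4, n, 8);
  chacha20_impl(out, in, inlen, k, nonce, 0);
  return 0;
}
-------------------------------------------------------------------------------- /bench/config/chacha20: -------------------------------------------------------------------------------- 1 | crypto_stream chacha20 jazz/ref 2 | crypto_stream chacha20 jazz/avx 3 | crypto_stream chacha20 jazz/avx2 4 | 5 | crypto_stream chacha20 hacl_star/gcc 6 | crypto_stream chacha20 hacl_star/gcc_vec 7 | crypto_stream chacha20 hacl_star/ccomp 8 | 9 | crypto_stream chacha20 openssl/static 10 | crypto_stream chacha20 openssl/static_no_asm 11 | 12 | crypto_stream chacha20 libsodium/static 13 | crypto_stream chacha20 libsodium/static_disable_asm 14 | crypto_stream chacha20 libsodium/static_disable_asm_ccomp 15 | 16 | crypto_stream chacha20 usuba-std 17 | crypto_stream chacha20 usuba-avx-fast 18 | 19 | #crypto_stream chacha20 usuba-sse-fast 20 | #crypto_stream chacha20 usuba-avx 21 | #crypto_stream chacha20 usuba-sse #chacha20.s:253: Error: unknown pseudo-op: `.addrsig' 22 | 23 | ## and some supercop implementations 24 | crypto_stream chacha20 dolbeau/amd64-avx2 25 | crypto_stream chacha20 goll_gueron 26 | crypto_stream chacha20 krovetz/vec128 27 | crypto_stream chacha20 krovetz/avx2 28 | 29 | #crypto_stream chacha20 moon/avx/64 30 | #crypto_stream chacha20 moon/avx2/64 31 | crypto_stream chacha20 e/ref 32 | crypto_stream chacha20 e/amd64-3 33 | 34 | -------------------------------------------------------------------------------- /src/crypto_core/keccakf160064bits/avx2_openssl/keccakf1600_export.jazz: 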
-------------------------------------------------------------------------------- 1 | #include "crypto_core/keccakf160064bits/avx2_openssl/keccakf1600.jazz" 2 | 3 | export fn _keccakf1600_avx2_openssl( 4 | reg u64 out in 5 | _rhotates_left 6 | _rhotates_right 7 | _iotas 8 | ) 9 | { 10 | reg u256 A00, A01, A20, A31, 11 | A21, A41, A11; 12 | 13 | A00 = (u256)[in + 0]; 14 | A01 = (u256)[in + 32]; 15 | A20 = (u256)[in + 64]; 16 | A31 = (u256)[in + 96]; 17 | A21 = (u256)[in + 128]; 18 | A41 = (u256)[in + 160]; 19 | A11 = (u256)[in + 192]; 20 | 21 | A00, A01, A20, A31, A21, A41, A11 = __keccakf1600_avx2_openssl(A00, A01, A20, A31, 22 | A21, A41, A11, 23 | _rhotates_left, 24 | _rhotates_right, 25 | _iotas); 26 | 27 | (u256)[out + 0] = A00; 28 | (u256)[out + 32] = A01; 29 | (u256)[out + 64] = A20; 30 | (u256)[out + 96] = A31; 31 | (u256)[out + 128] = A21; 32 | (u256)[out + 160] = A41; 33 | (u256)[out + 192] = A11; 34 | } 35 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/openssl/static/poly1305_local.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. 
You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp, 11 | size_t len, unsigned int padbit); 12 | typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16], 13 | const unsigned int nonce[4]); 14 | 15 | struct poly1305_context { 16 | double opaque[24]; /* large enough to hold internal state, declared 17 | * 'double' to ensure at least 64-bit invariant 18 | * alignment across all platforms and 19 | * configurations */ 20 | unsigned int nonce[4]; 21 | unsigned char data[POLY1305_BLOCK_SIZE]; 22 | size_t num; 23 | struct { 24 | poly1305_blocks_f blocks; 25 | poly1305_emit_f emit; 26 | } func; 27 | }; 28 | -------------------------------------------------------------------------------- /bench/bindings/crypto_onetimeauth/poly1305/openssl/static_no_asm/poly1305_local.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. 
You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp, 11 | size_t len, unsigned int padbit); 12 | typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16], 13 | const unsigned int nonce[4]); 14 | 15 | struct poly1305_context { 16 | double opaque[24]; /* large enough to hold internal state, declared 17 | * 'double' to ensure at least 64-bit invariant 18 | * alignment across all platforms and 19 | * configurations */ 20 | unsigned int nonce[4]; 21 | unsigned char data[POLY1305_BLOCK_SIZE]; 22 | size_t num; 23 | struct { 24 | poly1305_blocks_f blocks; 25 | poly1305_emit_f emit; 26 | } func; 27 | }; 28 | -------------------------------------------------------------------------------- /bench/third_party/kbench-fiat-crypto/jazz/curve25519-jazz.c: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 2 | * 3 | * Copyright (C) 2015 Google Inc. All Rights Reserved. 4 | * Copyright (C) 2015-2018 Jason A. Donenfeld . All Rights Reserved. 
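*
* Original author: Peter Schwabe
*/

/*#include */
/*#include */

enum { CURVE25519_POINT_SIZE = 32 };

#include "crypto_scalarmult.h"
/* NOTE(review): the two system header names were stripped from this listing;
 * <string.h> and <stdint.h> are assumed because memcpy and uint8_t are used.
 * Their original order is unknown. */
#include <string.h>
#include <stdint.h>
typedef uint8_t u8;

extern void curve25519_ref4(u8 out[CURVE25519_POINT_SIZE], const u8 scalar[CURVE25519_POINT_SIZE], const u8 point[CURVE25519_POINT_SIZE]);

/*
 * crypto_scalarmult binding for the curve25519_ref4 routine.
 *
 *   out     32-byte result
 *   scalar  32-byte private scalar
 *   point   32-byte input point
 *
 * Both inputs are copied to local buffers before the call (presumably so the
 * callee never works on caller-owned memory -- confirm). The copy of the
 * private scalar is cleared before returning so that it does not linger on
 * the stack; the point copy is public and is left alone.
 *
 * Always returns 0: curve25519_ref4 returns void, so no failure is reported,
 * and the result is not checked for the all-zero value that a low-order
 * input point produces. Callers that need that check must do it themselves.
 */
int crypto_scalarmult(u8 out[CURVE25519_POINT_SIZE], const u8 scalar[CURVE25519_POINT_SIZE], const u8 point[CURVE25519_POINT_SIZE])
{
  u8 scalar_[CURVE25519_POINT_SIZE], point_[CURVE25519_POINT_SIZE];
  volatile u8 *wipe = scalar_;
  unsigned int i;

  memcpy(scalar_, scalar, sizeof scalar_);
  memcpy(point_, point, sizeof point_);
  curve25519_ref4(out,scalar_,point_);

  /* Written through a volatile pointer so the compiler cannot discard the
   * stores as dead. */
  for (i = 0; i < sizeof scalar_; i++)
    wipe[i] = 0;

  return 0;
}

/* Base point: first byte 9, the remaining 31 bytes zero. */
static const unsigned char basepoint[32] = {9};

/*
 * crypto_scalarmult_base binding: q = n * basepoint.
 * Returns whatever crypto_scalarmult() returns (currently always 0); the
 * original stored that value in an unused local and returned a literal 0.
 */
int crypto_scalarmult_base(
  unsigned char *q,
  const unsigned char *n
)
{
  return crypto_scalarmult(q,n,basepoint);
}

--------------------------------------------------------------------------------
/bench/plot:
--------------------------------------------------------------------------------
#!/bin/bash

if [ "$#" -eq 0 ]; then
  echo "usage: ./plot (chacha20|poly1305) (cycles|xor_cycles) 16 128 (jazz|hacl)"
  exit
fi

operation="$1"
type="$2"
low="$3"
high="$4"
filter="$5"

gnu=data/$1_$2_$5_$3_$4.gnu
png=data/$1_$2_$5_$3_$4.svg

idx=0

echo "set term svg enhanced background rgb 'white'" > $gnu

echo "set logscale x 2" >> $gnu

echo "set output \"$png\"" >> $gnu

# NOTE(review): in "${file%.data}_$low_$high.csv" bash reads "$low_" as the
# variable named low_ (underscore is a valid name character), which is unset,
# so the lower bound never appears in the CSV name. Left as is: the checked-in
# .gnu files under bench/results reference CSV names with only the upper bound.
# NOTE(review): the arguments and the data/ file names are expanded unquoted
# and written into the generated gnuplot script, so run this only with trusted
# arguments and file names.
for file in $( ls data/*${operation}*.data | egrep "${filter}" )
do
  egrep -o " $type [0-9]+ [0-9]+" "$file" |
  awk -v low=$low -vhigh=$high '{if($2 >= low && $2 <= high){printf("%d, %.2f\n", $2,($3/$2))}}' |
  sort -t, -g -k1 -k2 | sort -t, -g -k1,1 -u > "${file%.data}_$low_$high.csv"
  list[$idx]="${file%.data}_$low_$high.csv";
  idx=$((idx+1))
done


if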
[ $idx -gt 0 ]; then
  echo -n "plot " >> $gnu
  while [ $idx -gt 1 ]
  do
    idx=$((idx-1))
    title=${list[$idx]//_/\\_}
    echo "\"${list[$idx]}\" using 1:2 title '$title' with lines, \\" >> $gnu
  done
  title=${list[0]//_/\\_}
  echo "\"${list[0]}\" using 1:2 title '$title' with lines" >> $gnu
fi

echo "unset logscale x" >> $gnu

gnuplot $gnu

--------------------------------------------------------------------------------
/src/crypto_hash/sha3256/scalar/sha3256-m.c:
--------------------------------------------------------------------------------
/* NOTE(review): the two system header names were stripped from this listing;
 * <stdint.h> and <stddef.h> are assumed because uint64_t/uint8_t and size_t
 * are used. */
#include <stdint.h>
#include <stddef.h>

extern void keccak1600_scalar(
  uint8_t *out,
  uint64_t outlen,
  const uint8_t *in,
  size_t inlen,
  uint64_t *c,
  uint64_t *iotas
);

/*
 * Round-constant table: eight zero words followed by the 24 round constants
 * of Keccak-f[1600]. Callers pass the address of element 8.
 *
 * NOTE(review): the 256-byte alignment plus the 64-byte zero prefix makes the
 * table end on a 256-byte boundary, presumably so the assembly can detect the
 * last round from the pointer value -- confirm against keccak1600_scalar.
 * NOTE(review): the table is writable and has external linkage, and the
 * sibling sha3 and shake wrappers in this tree define a global with the same
 * name. If keccak1600_scalar only reads it, static const storage would
 * protect the constants and avoid the symbol clash.
 */
uint64_t iotas[32] __attribute__((aligned(256))) =
{
  0, 0, 0, 0, 0, 0, 0, 0,
  0x0000000000000001,
  0x0000000000008082,
  0x800000000000808a,
  0x8000000080008000,
  0x000000000000808b,
  0x0000000080000001,
  0x8000000080008081,
  0x8000000000008009,
  0x000000000000008a,
  0x0000000000000088,
  0x0000000080008009,
  0x000000008000000a,
  0x000000008000808b,
  0x800000000000008b,
  0x8000000000008089,
  0x8000000000008003,
  0x8000000000008002,
  0x8000000000000080,
  0x000000000000800a,
  0x800000008000000a,
  0x8000000080008081,
  0x8000000000008080,
  0x0000000080000001,
  0x8000000080008008
};

/*
 * SHA3-256 wrapper around keccak1600_scalar.
 *
 *   out    receives the digest; the call requests 32 bytes, so the buffer
 *          must be at least that large
 *   in     message
 *   inlen  message length in bytes; converted to size_t at the call, which
 *          would truncate on a target where size_t is narrower
 *
 * The parameter pair handed to the callee is {0x06, 136}: presumably the
 * SHA-3 padding/domain byte and the rate in bytes (1088 bits) -- confirm
 * against keccak1600_scalar.
 *
 * Always returns 0.
 */
int sha3256_scalar(unsigned char *out,const unsigned char *in,unsigned long long inlen)
{
  uint64_t c[] = { 0x06, 1088 / 8 };
  uint64_t *round_constants = iotas + 8;

  keccak1600_scalar(out, 32, in, inlen, c, round_constants);
  return 0;
}

--------------------------------------------------------------------------------
/src/crypto_hash/sha3384/scalar/sha3384-m.c:
--------------------------------------------------------------------------------
#include
#include

4 | extern void keccak1600_scalar( 5 | uint8_t *out, 6 | uint64_t outlen, 7 | const uint8_t *in, 8 | size_t inlen, 9 | uint64_t *c, 10 | uint64_t *iotas 11 | ); 12 | 13 | uint64_t iotas[32] __attribute__((aligned(256))) = 14 | { 15 | 0,0,0,0,0,0,0, 0 16 | , 0x0000000000000001 17 | , 0x0000000000008082 18 | , 0x800000000000808a 19 | , 0x8000000080008000 20 | , 0x000000000000808b 21 | , 0x0000000080000001 22 | , 0x8000000080008081 23 | , 0x8000000000008009 24 | , 0x000000000000008a 25 | , 0x0000000000000088 26 | , 0x0000000080008009 27 | , 0x000000008000000a 28 | , 0x000000008000808b 29 | , 0x800000000000008b 30 | , 0x8000000000008089 31 | , 0x8000000000008003 32 | , 0x8000000000008002 33 | , 0x8000000000000080 34 | , 0x000000000000800a 35 | , 0x800000008000000a 36 | , 0x8000000080008081 37 | , 0x8000000000008080 38 | , 0x0000000080000001 39 | , 0x8000000080008008 40 | }; 41 | 42 | int sha3384_scalar(unsigned char *out,const unsigned char *in,unsigned long long inlen) 43 | { 44 | uint64_t c[] = {0x06, (832/8)}; 45 | keccak1600_scalar(out, 48, in, inlen, c, &(iotas[8])); 46 | return 0; 47 | } 48 | 49 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3512/scalar/sha3512-m.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void keccak1600_scalar( 5 | uint8_t *out, 6 | uint64_t outlen, 7 | const uint8_t *in, 8 | size_t inlen, 9 | uint64_t *c, 10 | uint64_t *iotas 11 | ); 12 | 13 | uint64_t iotas[32] __attribute__((aligned(256))) = 14 | { 15 | 0,0,0,0,0,0,0, 0 16 | , 0x0000000000000001 17 | , 0x0000000000008082 18 | , 0x800000000000808a 19 | , 0x8000000080008000 20 | , 0x000000000000808b 21 | , 0x0000000080000001 22 | , 0x8000000080008081 23 | , 0x8000000000008009 24 | , 0x000000000000008a 25 | , 0x0000000000000088 26 | , 0x0000000080008009 27 | , 0x000000008000000a 28 | , 0x000000008000808b 29 | , 0x800000000000008b 30 | , 0x8000000000008089 31 | 
, 0x8000000000008003 32 | , 0x8000000000008002 33 | , 0x8000000000000080 34 | , 0x000000000000800a 35 | , 0x800000008000000a 36 | , 0x8000000080008081 37 | , 0x8000000000008080 38 | , 0x0000000080000001 39 | , 0x8000000080008008 40 | }; 41 | 42 | int sha3512_scalar(unsigned char *out,const unsigned char *in,unsigned long long inlen) 43 | { 44 | uint64_t c[] = {0x06, (576/8)}; 45 | keccak1600_scalar(out, 64, in, inlen, c, &(iotas[8])); 46 | return 0; 47 | } 48 | 49 | -------------------------------------------------------------------------------- /src/crypto_hash/shake128/scalar/shake128-m.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void keccak1600_scalar( 5 | uint8_t *out, 6 | uint64_t outlen, 7 | const uint8_t *in, 8 | size_t inlen, 9 | uint64_t *c, 10 | uint64_t *iotas 11 | ); 12 | 13 | uint64_t iotas[32] __attribute__((aligned(256))) = 14 | { 15 | 0,0,0,0,0,0,0, 0 16 | , 0x0000000000000001 17 | , 0x0000000000008082 18 | , 0x800000000000808a 19 | , 0x8000000080008000 20 | , 0x000000000000808b 21 | , 0x0000000080000001 22 | , 0x8000000080008081 23 | , 0x8000000000008009 24 | , 0x000000000000008a 25 | , 0x0000000000000088 26 | , 0x0000000080008009 27 | , 0x000000008000000a 28 | , 0x000000008000808b 29 | , 0x800000000000008b 30 | , 0x8000000000008089 31 | , 0x8000000000008003 32 | , 0x8000000000008002 33 | , 0x8000000000000080 34 | , 0x000000000000800a 35 | , 0x800000008000000a 36 | , 0x8000000080008081 37 | , 0x8000000000008080 38 | , 0x0000000080000001 39 | , 0x8000000080008008 40 | }; 41 | 42 | int shake128_scalar(unsigned char *out,const unsigned char *in,unsigned long long inlen) 43 | { 44 | uint64_t c[] = {0x1F, (1344/8)}; 45 | keccak1600_scalar(out, 168, in, inlen, c, &(iotas[8])); 46 | return 0; 47 | } 48 | 49 | -------------------------------------------------------------------------------- /src/crypto_hash/shake256/scalar/shake256-m.c: 
-------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void keccak1600_scalar( 5 | uint8_t *out, 6 | uint64_t outlen, 7 | const uint8_t *in, 8 | size_t inlen, 9 | uint64_t *c, 10 | uint64_t *iotas 11 | ); 12 | 13 | uint64_t iotas[32] __attribute__((aligned(256))) = 14 | { 15 | 0,0,0,0,0,0,0,0 16 | , 0x0000000000000001 17 | , 0x0000000000008082 18 | , 0x800000000000808a 19 | , 0x8000000080008000 20 | , 0x000000000000808b 21 | , 0x0000000080000001 22 | , 0x8000000080008081 23 | , 0x8000000000008009 24 | , 0x000000000000008a 25 | , 0x0000000000000088 26 | , 0x0000000080008009 27 | , 0x000000008000000a 28 | , 0x000000008000808b 29 | , 0x800000000000008b 30 | , 0x8000000000008089 31 | , 0x8000000000008003 32 | , 0x8000000000008002 33 | , 0x8000000000000080 34 | , 0x000000000000800a 35 | , 0x800000008000000a 36 | , 0x8000000080008081 37 | , 0x8000000000008080 38 | , 0x0000000080000001 39 | , 0x8000000080008008 40 | }; 41 | 42 | int shake256_scalar(unsigned char *out,const unsigned char *in,unsigned long long inlen) 43 | { 44 | uint64_t c[] = {0x1F, (1088/8)}; 45 | keccak1600_scalar(out, 136, in, inlen, c, &(iotas[8])); 46 | return 0; 47 | } 48 | 49 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3224/scalar/sha3224-m.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void keccak1600_scalar( 5 | uint8_t *out, 6 | uint64_t outlen, 7 | const uint8_t *in, 8 | size_t inlen, 9 | uint64_t *c, 10 | uint64_t *iotas 11 | ); 12 | 13 | uint64_t iotas[32] __attribute__((aligned(256))) = 14 | { 15 | 0,0,0,0,0,0,0, 0 16 | , 0x0000000000000001 17 | , 0x0000000000008082 18 | , 0x800000000000808a 19 | , 0x8000000080008000 20 | , 0x000000000000808b 21 | , 0x0000000080000001 22 | , 0x8000000080008081 23 | , 0x8000000000008009 24 | , 0x000000000000008a 25 | , 0x0000000000000088 26 | , 
0x0000000080008009 27 | , 0x000000008000000a 28 | , 0x000000008000808b 29 | , 0x800000000000008b 30 | , 0x8000000000008089 31 | , 0x8000000000008003 32 | , 0x8000000000008002 33 | , 0x8000000000000080 34 | , 0x000000000000800a 35 | , 0x800000008000000a 36 | , 0x8000000080008081 37 | , 0x8000000000008080 38 | , 0x0000000080000001 39 | , 0x8000000080008008 40 | }; 41 | 42 | 43 | int sha3224_scalar(unsigned char *out,const unsigned char *in,unsigned long long inlen) 44 | { 45 | uint64_t c[] = {0x06, (1152/8)}; 46 | keccak1600_scalar(out, 28, in, inlen, c, &(iotas[8])); 47 | return 0; 48 | } 49 | 50 | -------------------------------------------------------------------------------- /src/crypto_core/keccakf160064bits/scalar/keccakf1600.jahh: -------------------------------------------------------------------------------- 1 | #ifndef KECCAKF1600_SCALAR_H 2 | #define KECCAKF1600_SCALAR_H 3 | 4 | #ifndef STATE_IN_STACK 5 | // 0 uses external memory for the stack space 6 | // 1 uses stack u64[] array 7 | #define STATE_IN_STACK 1 8 | #endif 9 | 10 | #if !STATE_IN_STACK 11 | #define _state_t reg u64 12 | #define _mem m 13 | #define _mem_arg _mem, 14 | #define OFFSET 100 15 | #define S(base,x,y) [base + 8*(5*((x) % 5) + ((y) % 5)) - OFFSET] 16 | #define B(base,x) [base + 8*(x)] 17 | #define B8(base,x) (u8)[base + (x)] 18 | fn swap(_state_t a b) -> _state_t, _state_t 19 | { _state_t t; 20 | t = a; a = b; b = t; // TODO XCHG 21 | return a, b; } 22 | #define setup(a,b) a += OFFSET;b = a + 200; 23 | #define restore(a,b) a -= OFFSET; 24 | 25 | #else 26 | 27 | #define _state_t stack u64[25] 28 | #define _mem 29 | #define _mem_arg 30 | #define S(base,x,y) base[(5*((x) % 5) + ((y) % 5))] 31 | #define B(base,x) base[(int)x] 32 | #define B8(base,x) base[u8 (int)(x)] 33 | #if 0 34 | // swap is undefined when state is in stack because it implies a full 35 | // (not logical) swap. For instance, atm, loop should be unrolled twice 36 | // when using stack for the state to avoid this. 
#endif
#define setup(a,b)
#define restore(a,b)

#endif
#endif

--------------------------------------------------------------------------------
/src/crypto_scalarmult/curve25519/mulx/x25519_mul_a24.jazz:
--------------------------------------------------------------------------------
#ifndef X25519_MUL_A24
#define X25519_MUL_A24

// h = (2**0*f0 + 2**64*f1 + 2**128*f2 + 2**192*f3) * a24
//
// ...
//
// h0 = f0*_a24_l
// h1 = f0*_a24_h
// h1 += f1*_a24_l
// h2 = f1*_a24_h
// h2 += f2*_a24_l
// h3 = f2*_a24_h
// h3 += f3*_a24_l
// h4 = f3*_a24_h


// Multiplies the four-limb value f (64-bit limbs, least significant first,
// as in the formula above) by the constant a24 and returns a four-limb
// result.
//
// There is no branch in this function and every array index is a
// compile-time constant, so neither control flow nor addresses depend on f.
//
// NOTE(review): the folding constant 38 matches 2**256 mod (2**255 - 19);
// this assumes the field is the Curve25519 one, as the file name suggests.
fn _fe64_mul_a24(stack u64[4] f, inline u64 a24) -> reg u64[4]
{
  inline int i; // declared but not used in this function
  reg bool cf;
  reg u64[4] h;
  reg u64 c r0 lo;

  c = a24;

  // Each #MULX yields (high half, low half) of a 64x64-bit product; the low
  // half of limb i+1 is added into the high half of limb i with the carry
  // chained through cf.
  (h[1], h[0]) = #MULX(c, f[0]);
  (h[2], lo) = #MULX(c, f[1]);

  cf, h[1] += lo;

  (h[3], lo) = #MULX(c, f[2]);

  cf, h[2] += lo + cf;

  (r0, lo) = #MULX(c, f[3]);

  cf, h[3] += lo + cf;

  // r0 is the fifth limb (h4 in the comment above), weight 2**256.
  _, r0 += 0 + cf;

  // Fold the fifth limb back into the low limbs: r0 * 38 is added to h[0]
  // and the carry is propagated through h[1..3].
  _, _, _, _, _, r0 = #IMULri (r0, 38);

  cf, h[0] += r0;
  cf, h[1] += 0 + cf;
  cf, h[2] += 0 + cf;
  cf, h[3] += 0 + cf;

  // c = c - c - cf: zero when cf is clear, all ones when it is set. Masking
  // with 38 turns that into a branch-free "add 38 if the fold carried out".
  _, c -= c - cf;

  c &= 38;
  // NOTE(review): the carry of this last addition is not propagated;
  // presumably it cannot occur here -- confirm against the proof.
  h[0] += c;

  return h;
}

// Same multiplication as _fe64_mul_a24, with the result copied into a stack
// array before it is returned.
fn _fe64_mul_a24_ss(stack u64[4] f, inline u64 a24) -> stack u64[4]
{
  stack u64[4] hs;
  reg u64[4] h;

  h = _fe64_mul_a24(f, a24);
  hs = h;

  return hs;
}

#endif

--------------------------------------------------------------------------------
/src/crypto_core/keccakf160064bits/scalar_g/keccakf1600.jahh:
--------------------------------------------------------------------------------
#ifndef KECCAKF1600_SCALAR_G_H
#define KECCAKF1600_SCALAR_G_H

#ifndef STATE_IN_STACK
// 0 uses external memory for the stack space
// 1 uses stack u64[] array
#define STATE_IN_STACK 1
#endif 9 | 10 | #if !STATE_IN_STACK 11 | 12 | #define _state_t reg u64 13 | #define _mem m 14 | #define _mem_arg _mem, 15 | #define OFFSET 100 16 | #define S(base,x,y) [base + 8*(5*((x) % 5) + ((y) % 5)) - OFFSET] 17 | #define B(base,x) [base + 8*(x)] 18 | #define B8(base,x) (u8)[base + (x)] 19 | fn swap(_state_t a b) -> _state_t, _state_t 20 | { _state_t t; 21 | t = a; a = b; b = t; // TODO XCHG 22 | return a, b; } 23 | #define setup(a,b) a += OFFSET;b = a + 200; 24 | #define restore(a,b) a -= OFFSET; 25 | 26 | #else 27 | 28 | #define _state_t stack u64[25] 29 | #define _mem 30 | #define _mem_arg 31 | #define S(base,x,y) base[(5*((x) % 5) + ((y) % 5))] 32 | #define B(base,x) base[(int)x] 33 | #define B8(base,x) base[u8 (int)(x)] 34 | #if 0 35 | // swap is undefined when state is in stack because it implies a full 36 | // (not logical) swap. For instance, atm, loop should be unrolled twice 37 | // when using stack for the state to avoid this. 38 | #endif 39 | #define setup(a,b) 40 | #define restore(a,b) 41 | 42 | #endif 43 | #endif 44 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3512/avx2/sha3512.jazz: -------------------------------------------------------------------------------- 1 | #define KECCAK1600_ADD_FULL_BLOCK_IMPLEMENTATION 1 2 | 3 | u64 s_zero = 0; 4 | 5 | fn add_full_block( 6 | reg u256[7] state, 7 | stack u64[28] s_state, 8 | reg u64 a_jagged, 9 | reg u64 in inlen, 10 | reg u64 rate 11 | ) -> reg u256[7], stack u64[28], reg u64, reg u64 12 | { 13 | reg u256 a00 a10 a01 a11; 14 | reg u256 t11 t12 t13; 15 | reg u256 zero; 16 | 17 | zero = #VPBROADCAST_4u64(s_zero); 18 | 19 | a00 = #VPBROADCAST_4u64([in + 8*0]); // (0,0) (0,0) (0,0) (0,0) 20 | a10 = #VPBROADCAST_4u64([in + 8*5]); // (1,0) (1,0) (1,0) (1,0) 21 | a01 = (u256)[in + 8*1]; // (0,4) (0,3) (0,2) (0,1) 22 | a11 = (u256)[in + 8*6 ]; // (1,4) (1,3) (1,2) (1,1) 23 | 24 | state[0] ^= a00; 25 | state[1] ^= a01; 26 | 27 | a01 = 
#VPBLENDD_256(a10, zero, (8u1)[1,1,0,0,1,1,1,1]); // ___ (1,0) ___ ___ 28 | t12 = #VPBLENDD_256(a11, zero, (8u1)[1,1,1,1,0,0,1,1]); // ___ ___ (1,2) ___ 29 | t13 = #VPBLENDD_256(a11, zero, (8u1)[1,1,0,0,1,1,1,1]); // ___ (1,3) ___ ___ 30 | t11 = #VPBLENDD_256(a11, zero, (8u1)[1,1,1,1,1,1,0,0]); // ___ ___ ___ (1,1) 31 | 32 | state[2] ^= a01; 33 | state[3] ^= t12; 34 | state[4] ^= t13; 35 | state[6] ^= t11; 36 | 37 | in += rate; 38 | inlen -= rate; 39 | 40 | return state, s_state, in, inlen; 41 | } 42 | 43 | #include "crypto_hash/keccak1600/avx2/keccak1600.jazz" 44 | -------------------------------------------------------------------------------- /src/crypto_scalarmult/curve25519/mulx/x25519_add.jazz: -------------------------------------------------------------------------------- 1 | #ifndef X25519_ADD 2 | #define X25519_ADD 3 | 4 | // h = f + g 5 | // h = 2**0*f0 + 2**64*f1 + 2**128*f2 + 2**192*f3 + 6 | // 2**0*g0 + 2**64*g1 + 2**128*g2 + 2**192*g3 7 | 8 | fn _fe64_add_rrs 9 | ( reg u64[4] f, 10 | stack u64[4] g, 11 | reg u64 z 12 | ) -> reg u64[4] 13 | { 14 | inline int i; 15 | reg bool cf; 16 | reg u64[4] h; 17 | 18 | h = f; 19 | 20 | cf, h[0] += g[0]; 21 | for i=1 to 4 22 | { cf, h[i] += g[i] + cf; } 23 | 24 | _, z -= z - cf; 25 | z &= 38; 26 | 27 | cf, h[0] += z; 28 | for i=1 to 4 29 | { cf, h[i] += 0 + cf; } 30 | 31 | _, z -= z - cf; 32 | z &= 38; 33 | h[0] += z; 34 | 35 | return h; 36 | } 37 | 38 | fn _fe64_add_sss(stack u64[4] fs gs) -> stack u64[4] 39 | { 40 | stack u64[4] hs; 41 | reg u64[4] h f; 42 | reg u64 z; 43 | 44 | z = #set0(); 45 | f = fs; 46 | h = _fe64_add_rrs(f, gs, z); 47 | hs = h; 48 | 49 | return hs; 50 | } 51 | 52 | fn _fe64_add_ssr(stack u64[4] fs, reg u64[4] g) -> stack u64[4] 53 | { 54 | stack u64[4] hs; 55 | reg u64[4] h f; 56 | reg u64 z; 57 | 58 | z = #set0(); 59 | h = _fe64_add_rrs(g, fs, z); 60 | hs = h; 61 | 62 | return hs; 63 | } 64 | 65 | fn _fe64_add_rsr(stack u64[4] fs, reg u64[4] g) -> reg u64[4] 66 | { 67 | reg u64[4] h f; 68 
| reg u64 z; 69 | 70 | z = #set0(); 71 | h = _fe64_add_rrs(g, fs, z); 72 | 73 | return h; 74 | } 75 | 76 | #endif 77 | -------------------------------------------------------------------------------- /bench/plot-fixed: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "$#" -eq 0 ]; then 4 | echo "usage: ./plot-fixed (curve25519) (base_cycles|cycles) (jazz|hacl|openssl|boringssl)" 5 | exit 6 | fi 7 | 8 | operation="$1" 9 | type="$2" 10 | filter="$3" 11 | 12 | id=${3//[(|)]/_} # removes (, | and ) from the filter 13 | csv=data/$1_$2_$id.csv 14 | gnu=data/$1_$2_$id.gnu 15 | svg=data/$1_$2_$id.svg 16 | 17 | idx=0 18 | 19 | echo -n "" > $csv 20 | 21 | for file in $( ls data/*${operation}*.data | egrep "${filter}") 22 | do 23 | filef=${file//data\//} 24 | filef=${filef//\.data/} 25 | filef=${filef//crypto_scalarmult_curve25519_/} 26 | filef=${filef//_/-} 27 | echo -n "${filef}, " >> $csv 28 | egrep -o " $type - [0-9]+" "$file" | 29 | awk '{print $3}' | 30 | sort -g | head -n1 >> $csv 31 | done 32 | 33 | sort -t, -g -k2 -o $csv $csv 34 | 35 | upper=`cat $csv | tail -n1 | cut -d, -f2` 36 | upper=`echo "($upper * 1.1) / 1" | bc` 37 | 38 | echo "" > $gnu 39 | echo "set term svg enhanced background rgb 'white'" >> $gnu 40 | echo "set yrange [0:$upper]" >> $gnu 41 | echo "set title \"curve25519 $type\"" >> $gnu 42 | echo "set output \"$svg\"" >> $gnu 43 | echo "set boxwidth 0.5 relative" >> $gnu 44 | echo "set style fill solid 0.5" >> $gnu 45 | echo "set xlabel \"implementations\"" >> $gnu 46 | echo "set ylabel \"cycles\"" >> $gnu 47 | echo "set xtics rotate" >> $gnu 48 | echo "plot \"$csv\" using 0:2:xticlabels(1) with boxes notitle" >> $gnu 49 | 50 | gnuplot $gnu 51 | 52 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # -*- Makefile -*- 2 | 3 | # 
-------------------------------------------------------------------- 4 | .PHONY: generate check clean dist 5 | 6 | NAME := libjc 7 | 8 | # -------------------------------------------------------------------- 9 | generate: 10 | $(MAKE) -C src 11 | $(MAKE) -C proof generate 12 | 13 | # -------------------------------------------------------------------- 14 | check: generate 15 | $(MAKE) -C proof check 16 | 17 | # -------------------------------------------------------------------- 18 | clean: 19 | $(MAKE) -C src clean 20 | $(MAKE) -C proof clean 21 | 22 | # -------------------------------------------------------------------- 23 | dist: generate 24 | rm -rf $(NAME) $(NAME).tar.gz 25 | ./scripts/distribution $(NAME) MANIFEST 26 | tar -czf $(NAME).tar.gz --owner=0 --group=0 $(NAME) && rm -rf $(NAME) 27 | 28 | # -------------------------------------------------------------------- 29 | distcheck: dist 30 | tar -xof $(NAME).tar.gz 31 | set -x; \ 32 | $(MAKE) -C $(NAME) generate \ 33 | && $(MAKE) -C $(NAME) check \ 34 | && $(MAKE) -C $(NAME) dist \ 35 | && mkdir $(NAME)/dist1 $(NAME)/dist2 \ 36 | && ( cd $(NAME)/dist1 && tar -xof ../$(NAME).tar.gz ) \ 37 | && ( cd $(NAME)/dist2 && tar -xof ../../$(NAME).tar.gz ) \ 38 | && diff -rq $(NAME)/dist1 $(NAME)/dist2 \ 39 | || exit 1 40 | rm -rf $(NAME) 41 | @echo "$(NAME) is ready for distribution" | \ 42 | $(SED) -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' 43 | -------------------------------------------------------------------------------- /bench/curve25519: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # remove previous benchmarks files related to curve25519 4 | ls data/crypto_scalarmult_curve25519_* | xargs rm 5 | 6 | # copy implementations and bindings into supercop-* 7 | ./sync 8 | ./sync openssl 9 | ./sync boringssl 10 | ./sync hacl_star 11 | ./sync fiat-crypto 12 | ./sync evercrypt 13 | 14 | # run benchmarks... 
this can take some time 15 | ./bench curve25519 16 | 17 | # move openssl static results to openssl static x25519_fe64_eligible or just fe64 (0x80100 bits 64+8 and 64+19 : man OPENSSL_ia32cap) 18 | mv data/crypto_scalarmult_curve25519_openssl_static.data data/crypto_scalarmult_curve25519_openssl_static_fe64.data 19 | 20 | # disable x25519_fe64_eligible (adcx adox bmi2) 21 | (export OPENSSL_ia32cap=~0x801000000000000000000 && ./bench curve25519-openssl && unset OPENSSL_ia32cap) 22 | mv data/crypto_scalarmult_curve25519_openssl_static.data data/crypto_scalarmult_curve25519_openssl_static_disable_fe64.data 23 | 24 | # plot 25 | ./plot-fixed curve25519 cycles 26 | ./plot-fixed curve25519 base_cycles 27 | 28 | ./plot-fixed curve25519 cycles "(jazz)" 29 | ./plot-fixed curve25519 base_cycles "(jazz)" 30 | 31 | ./plot-fixed curve25519 cycles "(amd64|boring|donna|fiat|hacl_star_gcc|jazz|openssl|sandy|ever)" 32 | ./plot-fixed curve25519 base_cycles "(amd64|boring|donna|fiat|hacl_star_gcc|jazz|openssl|sandy|ever)" 33 | 34 | today=`date "+%Y%m%d"` 35 | mkdir -p data/curve25519-$today 36 | 37 | ls data/*curve25519*.* | egrep -v "\.data$" | while read file 38 | do 39 | mv $file data/curve25519-$today 40 | done 41 | 42 | -------------------------------------------------------------------------------- /bench/patch/20190910/remove: -------------------------------------------------------------------------------- 1 | crypto_encode/761x1531round/used 2 | crypto_encode/653x1541round/used 3 | crypto_encode/653xint16/used 4 | crypto_encode/857x1723/used 5 | crypto_encode/761x4591/used 6 | crypto_encode/857x5167/used 7 | crypto_encode/653x4621/used 8 | crypto_encode/857xint16/used 9 | crypto_encode/761x3/used 10 | crypto_encode/857x3/used 11 | crypto_encode/256x2/used 12 | crypto_encode/256x16/used 13 | crypto_encode/761x1531/used 14 | crypto_encode/761xint16/used 15 | crypto_encode/653x1541/used 16 | crypto_encode/653x3/used 17 | crypto_encode/857x1723round/used 18 | 
crypto_decode/761xint32/used 19 | crypto_decode/653xint16/used 20 | crypto_decode/857x1723/used 21 | crypto_decode/761x4591/used 22 | crypto_decode/857x5167/used 23 | crypto_decode/653x4621/used 24 | crypto_decode/857xint16/used 25 | crypto_decode/761x3/used 26 | crypto_decode/857x3/used 27 | crypto_decode/653xint32/used 28 | crypto_decode/256x2/used 29 | crypto_decode/256x16/used 30 | crypto_decode/761x1531/used 31 | crypto_decode/857xint32/used 32 | crypto_decode/761xint16/used 33 | crypto_decode/653x1541/used 34 | crypto_decode/653x3/used 35 | crypto_core/inv3sntrup761/used 36 | crypto_core/mult3sntrup653/used 37 | crypto_core/inv3sntrup653/used 38 | crypto_core/invsntrup857/used 39 | crypto_core/mult3sntrup761/used 40 | crypto_core/mult3sntrup857/used 41 | crypto_core/multsntrup761/used 42 | crypto_core/multsntrup653/used 43 | crypto_core/invsntrup761/used 44 | crypto_core/invsntrup653/used 45 | crypto_core/multsntrup857/used 46 | crypto_core/inv3sntrup857/used 47 | crypto_core/invhrss701/used 48 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Important Notice 2 | 3 | The development of new Jasmin implementations switched to https://github.com/formosa-crypto/libjade 4 | 5 | For more information about the Formosa Crypto Project, consult the following website: https://formosa-crypto.org/ 6 | 7 | # Setup 8 | ``` 9 | git clone --recurse-submodules https://github.com/tfaoliveira/libjc.git 10 | cd libjc/env 11 | vagrant up 12 | ``` 13 | You should now have an Ubuntu machine with [Jasmin](https://github.com/jasmin-lang/jasmin) compiler and [EasyCrypt](https://github.com/EasyCrypt/easycrypt) installed. 
If you also want to install [Proof General](https://proofgeneral.github.io/) -- check PG page for details: 14 | ``` 15 | M-x package-refresh-contents RET 16 | M-x package-install RET 17 | proof-general RET 18 | ``` 19 | If you encounter a gpg-related error, see https://elpa.gnu.org/packages/gnu-elpa-keyring-update.html. If the public key isn't found, the following command will probably fix the issue (confirm that the key it imports is the one that page names before trusting it): 20 | ``` 21 | gpg --homedir ~/.emacs.d/elpa/gnupg --receive-keys 066DAFCB81E42C40 22 | ``` 23 | 24 | # Benchmarks 25 | 26 | ## ChaCha20 27 | ![chacha20](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_xor_cycles_32_16384.svg) 28 | 29 | ## Poly1305 30 | ![poly1305](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_cycles_32_16384.svg) 31 | 32 | ## SHAKE256 33 | (output set 136 bytes) 34 | 35 | ![shake256](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/shake256_libjc_cycles_128_16384.svg) 36 | 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "bench/third_party/openssl"] 2 | path = bench/third_party/openssl 3 | url = https://github.com/openssl/openssl.git 4 | ignore = dirty 5 | [submodule "bench/third_party/libsodium"] 6 | path = bench/third_party/libsodium 7 | url = https://github.com/jedisct1/libsodium.git 8 | [submodule "bench/third_party/hacl-star"] 9 | path = bench/third_party/hacl-star 10 | url = https://github.com/project-everest/hacl-star.git 11 | ignore = dirty 12 | [submodule "bench/third_party/boringssl"] 13 | path = bench/third_party/boringssl 14 | url = https://github.com/google/boringssl.git 15 | [submodule "bench/third_party/usuba"] 16 | path = bench/third_party/usuba 17 | url = https://github.com/DadaIsCrazy/usuba.git 18 | [submodule
"bench/third_party/fiat-crypto"] 19 | path = bench/third_party/fiat-crypto 20 | url = https://github.com/mit-plv/fiat-crypto 21 | ignore = dirty 22 | [submodule "bench/third_party/hacl-star-evercrypt/hacl-star"] 23 | path = bench/third_party/hacl-star-evercrypt/hacl-star 24 | url = https://github.com/project-everest/hacl-star.git 25 | branch = evercrypt-v0.1+ 26 | ignore = dirty 27 | [submodule "env/third_party/jasmin"] 28 | path = env/third_party/jasmin 29 | url = https://github.com/jasmin-lang/jasmin.git 30 | branch = array_cast 31 | [submodule "env/third_party/easycrypt"] 32 | path = env/third_party/easycrypt 33 | url = https://github.com/EasyCrypt/easycrypt.git 34 | branch = 1.0 35 | [submodule "compcert_v3.6"] 36 | path = env/third_party/compcert/compcert_v3.6 37 | url = https://github.com/AbsInt/CompCert.git 38 | [submodule "env/third_party/z3"] 39 | path = env/third_party/z3 40 | url = https://github.com/Z3Prover/z3.git 41 | ignore = dirty 42 | -------------------------------------------------------------------------------- /proof/crypto_stream/chacha20/README.txt: -------------------------------------------------------------------------------- 1 | This file describes the content of files for the security of ChaCha20. 2 | 3 | 1/ Functional specification of ChaCha20: 4 | 5 | ChaCha20_Spec.ec: 6 | the specification HACL* style 7 | ChaCha20_pref.ec: 8 | basic imperative version 9 | ChaCha20_pref_proof.ec: 10 | proof that ChaCha20_pref satisfies its spec. 11 | 12 | 2/ ChaCha20_ref (use only scalar operations, no avx/avx2 instructions): 13 | 14 | ChaCha20_sref.ec: 15 | extracted model of the jasmin program 16 | ChaCha20_sref_proof.ec: 17 | equivalence between ChaCha20_pref and ChaCha20_sref 18 | proof that ChaCha20_sref satisfies its spec. 
19 | 20 | ChaCha20_sref_CT.ec: 21 | extracted constant time model of jasmin program 22 | ChaCha20_sref_CT_proof.ec: 23 | proof that ChaCha20_ref is constant time 24 | 25 | 3/ ChaCha20_savx: 26 | 27 | ChaCha20_savx_CT.ec: 28 | extracted constant time model of jasmin program 29 | ChaCha20_savx_CT_proof.ec: 30 | proof that ChaCha20_avx is constant time 31 | 32 | 33 | 4/ ChaCha20_savx2: 34 | 35 | ChaCha20_pavx2_cf.ec: 36 | change in the control flow 37 | equivalence between ChaCha20_pref and ChaCha20_pavx2_cf 38 | ChaCha20_pavx2.ec: 39 | equivalence between ChaCha20_pavx2_cf and ChaCha20_pavx2 40 | ChaCha20_savx2.ec: 41 | extracted model of the jasmin program 42 | ChaCha20_savx2_proof.ec: 43 | equivalence between ChaCha20_pavx2 and ChaCha20_savx2 44 | proof that ChaCha20_avx2 satisfies its spec. 45 | 46 | ChaCha20_savx2_CT.ec: 47 | extracted constant time model of jasmin program 48 | ChaCha20_savx2_CT_proof.ec: 49 | proof that ChaCha20_avx2 is constant time 50 | 51 | -------------------------------------------------------------------------------- /bench/poly1305: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # remove previous benchmarks files related to poly1305 4 | ls data/crypto_onetimeauth_poly1305_* | xargs rm 5 | 6 | # copy implementations and bindings into supercop-* 7 | ./sync 8 | ./sync openssl 9 | ./sync libsodium 10 | ./sync hacl_star 11 | ./sync vale 12 | 13 | ## run benchmarks... 
this can take some time 14 | ./bench poly1305 15 | 16 | # move openssl static results to openssl static avx2 17 | mv data/crypto_onetimeauth_poly1305_openssl_static.data data/crypto_onetimeauth_poly1305_openssl_static_avx2.data 18 | 19 | # disable avx and avx2/avx/sse/sse2/ssse3 run openssl benchmarks 20 | (export OPENSSL_ia32cap=~0x201000020006000000 && ./bench poly1305-openssl && unset OPENSSL_ia32cap) 21 | mv data/crypto_onetimeauth_poly1305_openssl_static.data data/crypto_onetimeauth_poly1305_openssl_static_ref.data 22 | 23 | # disable avx2 and run openssl benchmarks 24 | (export OPENSSL_ia32cap=~0x200000000000000000 && ./bench poly1305-openssl && unset OPENSSL_ia32cap) 25 | mv data/crypto_onetimeauth_poly1305_openssl_static.data data/crypto_onetimeauth_poly1305_openssl_static_avx.data 26 | 27 | # plot 28 | ./plot poly1305 cycles 32 16384 "(jazz|openssl)" 29 | ./plot poly1305 cycles 32 16384 "(jazz|hacl_star_gcc)" 30 | ./plot poly1305 cycles 32 16384 "(jazz|hacl_star_ccomp)" 31 | ./plot poly1305 cycles 32 16384 "(jazz|libsodium)" 32 | ./plot poly1305 cycles 32 16384 "(jazz|moon)" 33 | ./plot poly1305 cycles 32 16384 "(jazz|vale)" 34 | ./plot poly1305 cycles 32 16384 "(jazz|53|amd64|avx)" 35 | ./plot poly1305 cycles 32 16384 36 | 37 | today=`date "+%Y%m%d"` 38 | mkdir -p data/poly1305-$today 39 | 40 | ls data/*poly1305*.* | egrep -v "\.data$" | while read file 41 | do 42 | mv $file data/poly1305-$today 43 | done 44 | 45 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_scalarmult/measure.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "kernelrandombytes.h" 3 | #include "cpucycles.h" 4 | #include "crypto_scalarmult.h" 5 | #include "measure.h" 6 | 7 | const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION; 8 | const char *implementationversion = crypto_scalarmult_VERSION; 9 | const char *sizenames[] = { "outputbytes", 
"scalarbytes", 0 }; 10 | const long long sizes[] = { crypto_scalarmult_BYTES, crypto_scalarmult_SCALARBYTES }; 11 | 12 | static unsigned char *m; 13 | static unsigned char *n; 14 | static unsigned char *p; 15 | static unsigned char *q; 16 | 17 | void preallocate(void) 18 | { 19 | } 20 | 21 | void allocate(void) 22 | { 23 | m = alignedcalloc(crypto_scalarmult_SCALARBYTES); 24 | n = alignedcalloc(crypto_scalarmult_SCALARBYTES); 25 | p = alignedcalloc(crypto_scalarmult_BYTES); 26 | q = alignedcalloc(crypto_scalarmult_BYTES); 27 | } 28 | 29 | #define TIMINGS 512 30 | static long long cycles[TIMINGS + 1]; 31 | 32 | void measure(void) 33 | { 34 | int i; 35 | int loop; 36 | 37 | for (loop = 0;loop < LOOPS;++loop) { 38 | 39 | kernelrandombytes(m,crypto_scalarmult_SCALARBYTES); 40 | kernelrandombytes(n,crypto_scalarmult_SCALARBYTES); 41 | 42 | for (i = 0;i <= TIMINGS;++i) { 43 | cycles[i] = cpucycles(); 44 | crypto_scalarmult_base(p,m); 45 | } 46 | for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; 47 | printentry(-1,"base_cycles",cycles,TIMINGS); 48 | 49 | for (i = 0;i <= TIMINGS;++i) { 50 | cycles[i] = cpucycles(); 51 | crypto_scalarmult(q,n,p); 52 | } 53 | for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; 54 | printentry(-1,"cycles",cycles,TIMINGS); 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_scalarmult/measure.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "kernelrandombytes.h" 3 | #include "cpucycles.h" 4 | #include "crypto_scalarmult.h" 5 | #include "measure.h" 6 | 7 | const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION; 8 | const char *implementationversion = crypto_scalarmult_VERSION; 9 | const char *sizenames[] = { "outputbytes", "scalarbytes", 0 }; 10 | const long long sizes[] = { crypto_scalarmult_BYTES, crypto_scalarmult_SCALARBYTES }; 11 | 12 | static unsigned char 
*m; 13 | static unsigned char *n; 14 | static unsigned char *p; 15 | static unsigned char *q; 16 | 17 | void preallocate(void) 18 | { 19 | } 20 | 21 | void allocate(void) 22 | { 23 | m = alignedcalloc(crypto_scalarmult_SCALARBYTES); 24 | n = alignedcalloc(crypto_scalarmult_SCALARBYTES); 25 | p = alignedcalloc(crypto_scalarmult_BYTES); 26 | q = alignedcalloc(crypto_scalarmult_BYTES); 27 | } 28 | 29 | #define TIMINGS 512 30 | static long long cycles[TIMINGS + 1]; 31 | 32 | void measure(void) 33 | { 34 | int i; 35 | int loop; 36 | 37 | for (loop = 0;loop < LOOPS;++loop) { 38 | 39 | kernelrandombytes(m,crypto_scalarmult_SCALARBYTES); 40 | kernelrandombytes(n,crypto_scalarmult_SCALARBYTES); 41 | 42 | for (i = 0;i <= TIMINGS;++i) { 43 | cycles[i] = cpucycles(); 44 | crypto_scalarmult_base(p,m); 45 | } 46 | for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; 47 | printentry(-1,"base_cycles",cycles,TIMINGS); 48 | 49 | for (i = 0;i <= TIMINGS;++i) { 50 | cycles[i] = cpucycles(); 51 | crypto_scalarmult(q,n,p); 52 | } 53 | for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; 54 | printentry(-1,"cycles",cycles,TIMINGS); 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /bench/keccak: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Keccak benchmark driver: runs ./bench for libjc, evercrypt and three OpenSSL builds, then plots and archives the results. VERSION is read here but not referenced again in this script; ILIST drives every loop. 3 | VERSION=`cat config/version` 4 | ILIST="sha3224 sha3256 sha3384 sha3512 shake128 shake256" 5 | 6 | ## remove previous benchmarks files related to keccak 7 | rm -f data/crypto_hash_sha3* 8 | rm -f data/crypto_hash_shake* 9 | 10 | ## copy implementations and bindings into supercop-* 11 | ./sync 12 | ./sync evercrypt 13 | # keep the caller's library search path; each OpenSSL run below rebuilds LD_LIBRARY_PATH from this value 14 | PREVIOUS_LD_LIBRARY_PATH=`echo -n $LD_LIBRARY_PATH` 15 | 16 | ## run libjc 17 | ./bench keccak 18 | 19 | ## run evercrypt 20 | ./bench keccak-evercrypt 21 | # NOTE(review): when LD_LIBRARY_PATH was empty, the value built below starts with ':' and the dynamic loader treats an empty entry as the current directory. ldconfig does not read LD_LIBRARY_PATH, so confirm that the sudo ldconfig calls are needed at all. 22 | ## run benchmarks with openssl configured with no-asm 23 | export
LD_LIBRARY_PATH=$PREVIOUS_LD_LIBRARY_PATH:`pwd`/third_party_shared_libs/openssl-no-asm/lib/ 24 | sudo ldconfig 25 | ./bench keccak-openssl-no-asm 26 | for i in $ILIST; do mv data/crypto_hash_${i}_openssl.data data/crypto_hash_${i}_openssl_no_asm.data; done 27 | 28 | ## run benchmarks with openssl compiled with default keccak 29 | export LD_LIBRARY_PATH=$PREVIOUS_LD_LIBRARY_PATH:`pwd`/third_party_shared_libs/openssl/lib/ 30 | sudo ldconfig 31 | ./bench keccak-openssl 32 | for i in $ILIST; do mv data/crypto_hash_${i}_openssl.data data/crypto_hash_${i}_openssl_scalar.data; done 33 | # the mv after each OpenSSL run renames crypto_hash_<name>_openssl.data, presumably so the next run does not overwrite it 34 | ## run with keccak avx2 35 | export LD_LIBRARY_PATH=$PREVIOUS_LD_LIBRARY_PATH:`pwd`/third_party_shared_libs/openssl-keccak-avx2/lib/ 36 | sudo ldconfig 37 | echo $LD_LIBRARY_PATH 38 | ./bench keccak-openssl-avx2 39 | for i in $ILIST; do mv data/crypto_hash_${i}_openssl.data data/crypto_hash_${i}_openssl_avx2.data; done 40 | 41 | ## gen plots 42 | for i in $ILIST; do ./plot $i cycles 128 16384 ""; done 43 | 44 | today=`date "+%Y%m%d"` 45 | mkdir -p data/keccak-$today 46 | # move everything except the raw .data files into the dated directory; $file is unquoted, so a name containing whitespace would be split 47 | for i in $ILIST 48 | do 49 | ls data/*$i*.* | egrep -v "\.data$" | while read file 50 | do 51 | mv $file data/keccak-$today 52 | done 53 | done 54 | 55 | -------------------------------------------------------------------------------- /bench/chacha20: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # remove previous benchmarks files related to chacha20 4 | ls data/crypto_stream_chacha20_* | xargs rm 5 | 6 | # copy implementations and bindings into supercop-* 7 | ./sync 8 | ./sync openssl 9 | ./sync libsodium 10 | ./sync hacl_star 11 | 12 | # run benchmarks...
this can take some time 13 | ./bench chacha20 14 | 15 | # move openssl static results to openssl static avx2 16 | mv data/crypto_stream_chacha20_openssl_static.data data/crypto_stream_chacha20_openssl_static_avx2.data 17 | 18 | # disable avx and avx2/avx/sse/sse2/ssse3 run openssl benchmarks 19 | (export OPENSSL_ia32cap=~0x201000020006000000 && ./bench chacha20-openssl && unset OPENSSL_ia32cap) 20 | mv data/crypto_stream_chacha20_openssl_static.data data/crypto_stream_chacha20_openssl_static_ref.data 21 | 22 | (export OPENSSL_ia32cap=~0x200000000000000000 && ./bench chacha20-openssl && unset OPENSSL_ia32cap) 23 | mv data/crypto_stream_chacha20_openssl_static.data data/crypto_stream_chacha20_openssl_static_avx.data 24 | 25 | # plot 26 | ./plot chacha20 xor_cycles 32 16384 "(jazz|openssl)" 27 | ./plot chacha20 xor_cycles 32 16384 "(jazz|hacl_star_gcc)" 28 | ./plot chacha20 xor_cycles 32 16384 "(jazz|hacl_star_ccomp)" 29 | ./plot chacha20 xor_cycles 32 16384 "(jazz|libsodium)" 30 | ./plot chacha20 xor_cycles 32 16384 "(jazz|usuba)" 31 | ./plot chacha20 xor_cycles 32 16384 "(jazz|moon)" 32 | ./plot chacha20 xor_cycles 32 16384 "(jazz|krovetz|goll)" 33 | ./plot chacha20 xor_cycles 32 16384 "(jazz|dolbeau|amd64|e_ref)" 34 | ./plot chacha20 xor_cycles 32 16384 "(libsodium|dolbeau)" 35 | ./plot chacha20 xor_cycles 32 16384 36 | 37 | today=`date "+%Y%m%d"` 38 | mkdir -p data/chacha20-$today 39 | 40 | ls data/*chacha20*.* | egrep -v "\.data$" | while read file 41 | do 42 | mv $file data/chacha20-$today 43 | done 44 | -------------------------------------------------------------------------------- /bench/setup2: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | version=`cat config/version` 4 | 5 | cp ./patch/$version/do-part supercop-$version/do-part 6 | cp ./patch/$version/measure-anything.c supercop-$version/measure-anything.c 7 | cp ./patch/$version/crypto_stream/measure.c supercop-$version/crypto_stream/measure.c 8 | 
cp ./patch/$version/crypto_onetimeauth/measure.c supercop-$version/crypto_onetimeauth/measure.c 9 | cp ./patch/$version/crypto_hash/measure.c supercop-$version/crypto_hash/measure.c 10 | 11 | cp ./patch/$version/crypto_hash/shake128/checksumbig supercop-$version/crypto_hash/shake128/checksumbig 12 | cp ./patch/$version/crypto_hash/shake128/checksumsmall supercop-$version/crypto_hash/shake128/checksumsmall 13 | cp ./patch/$version/crypto_hash/sha3512/checksumbig supercop-$version/crypto_hash/sha3512/checksumbig 14 | cp ./patch/$version/crypto_hash/sha3512/checksumsmall supercop-$version/crypto_hash/sha3512/checksumsmall 15 | cp ./patch/$version/crypto_hash/sha3384/checksumbig supercop-$version/crypto_hash/sha3384/checksumbig 16 | cp ./patch/$version/crypto_hash/sha3384/checksumsmall supercop-$version/crypto_hash/sha3384/checksumsmall 17 | cp ./patch/$version/crypto_hash/sha3256/checksumbig supercop-$version/crypto_hash/sha3256/checksumbig 18 | cp ./patch/$version/crypto_hash/sha3256/checksumsmall supercop-$version/crypto_hash/sha3256/checksumsmall 19 | cp ./patch/$version/crypto_hash/sha3256/checksumbig supercop-$version/crypto_hash/sha3256/checksumbig 20 | cp ./patch/$version/crypto_hash/sha3256/checksumsmall supercop-$version/crypto_hash/sha3256/checksumsmall 21 | cp ./patch/$version/crypto_hash/sha3224/checksumbig supercop-$version/crypto_hash/sha3224/checksumbig 22 | cp ./patch/$version/crypto_hash/sha3224/checksumsmall supercop-$version/crypto_hash/sha3224/checksumsmall 23 | 24 | echo "bench" > config/work 25 | mkdir -p data/ 26 | 27 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3384/avx2/sha3384.jazz: -------------------------------------------------------------------------------- 1 | #define KECCAK1600_ADD_FULL_BLOCK_IMPLEMENTATION 1 2 | 3 | u64 s_zero = 0; 4 | 5 | fn add_full_block( 6 | reg u256[7] state, 7 | stack u64[28] s_state, 8 | reg u64 a_jagged, 9 | reg u64 in inlen, 10 | reg u64 rate 11 | ) -> 
reg u256[7], stack u64[28], reg u64, reg u64 12 | { 13 | reg u128 a21_u128; 14 | reg u256 a00, a01, a11, a21; 15 | reg u256 t11 t41 t31 t21; 16 | reg u256 zero; 17 | reg u64 r10 r20; 18 | stack u64[4] s20; 19 | 20 | r10 = [in + 8*5]; 21 | r20 = [in + 8*10]; 22 | 23 | s20[0] = r20; 24 | s20[1] = 0; 25 | s20[2] = r10; 26 | s20[3] = 0; 27 | 28 | a00 = #VPBROADCAST_4u64([in + 8*0]); // (0,0) (0,0) (0,0) (0,0) 29 | a01 = (u256)[in + 8*1]; // (0,4) (0,3) (0,2) (0,1) 30 | 31 | state[0] ^= a00; 32 | state[1] ^= a01; 33 | state[2] ^= s20[u256 0]; 34 | 35 | zero = #VPBROADCAST_4u64(s_zero); 36 | 37 | a11 = (u256)[in + 8*6 ]; // (1,4) (1,3) (1,2) (1,1) 38 | 39 | a21 = #VPBROADCAST_2u128((u128)[in + 8*11]); // (2,2) (2,1) (2,2) (2,1) 40 | a21 = #VPBLENDD_256(a21, zero, (8u1)[1,1,1,1,0,0,0,0]); // ___ ___ (2,2) (2,1) 41 | 42 | t31 = #VPBLENDD_256(a11, zero, (8u1)[1,1,1,1,0,0,1,1]); // ___ ___ (1,2) ___ 43 | 44 | t21 = #VPBLENDD_256(a11, a21, (8u1)[0,0,0,0,0,0,1,1]); // (1,4) (1,3) (1,2) (2,1) 45 | t21 = #VPBLENDD_256(t21, zero, (8u1)[1,1,0,0,1,1,0,0]); // ___ (1,3) ___ (2,1) 46 | 47 | t41 = #VPBLENDD_256(a11, zero, (8u1)[0,0,1,1,1,1,1,1]); // (1,4) ___ ___ ___ 48 | t11 = #VPBLENDD_256(a11, a21, (8u1)[1,1,1,1,1,1,0,0]); // ___ ___ (2,2) (1,1) 49 | 50 | state[3] ^= t31; 51 | state[4] ^= t21; 52 | state[5] ^= t41; 53 | state[6] ^= t11; 54 | 55 | in += rate; 56 | inlen -= rate; 57 | 58 | return state, s_state, in, inlen; 59 | } 60 | 61 | #include "crypto_hash/keccak1600/avx2/keccak1600.jazz" 62 | -------------------------------------------------------------------------------- /proof/crypto_hash/keccak1600/Sponge1600.ec: -------------------------------------------------------------------------------- 1 | (*------------------------- Sponge Construction ------------------------*) 2 | 3 | (* Specialization of the Sponge Construction for a 1600bit state *) 4 | 5 | 6 | require import Core Int IntDiv Real List FSet SmtMap. 7 | (*---*) import IntExtra. 8 | require import Distr DBool DList. 
9 | require import StdBigop StdOrder. import IntOrder. 10 | 11 | 12 | op rate :int. 13 | axiom rate_bnds: 0 < rate < 1600. 14 | axiom rate_w64: 64 %| rate. 15 | 16 | lemma rate_ge2: 2 <= rate. 17 | proof. 18 | case: (rate = 1) => E. 19 | by rewrite E; smt(rate_w64). 20 | by smt (rate_bnds). 21 | qed. 22 | 23 | require Common. 24 | clone export Common as Common1600 25 | with op r = rate, 26 | op c = 1600-r 27 | proof ge2_r by apply rate_ge2 28 | proof gt0_c by smt (rate_bnds). 29 | 30 | require Indifferentiability. 31 | clone include Indifferentiability with 32 | type p <- block * capacity, 33 | type f_in <- bool list * int, 34 | type f_out <- bool list 35 | 36 | rename 37 | [module] "Indif" as "Experiment" 38 | [module] "GReal" as "RealIndif" 39 | [module] "GIdeal" as "IdealIndif". 40 | 41 | (*------------------------- Sponge Construction ------------------------*) 42 | module (Sponge : CONSTRUCTION) (P : DPRIMITIVE) : FUNCTIONALITY = { 43 | proc init() : unit = {} 44 | 45 | proc f(bs : bool list, n : int) : bool list = { 46 | var z <- []; 47 | var (sa, sc) <- (b0, Capacity.c0); 48 | var i <- 0; 49 | var xs <- pad2blocks bs; 50 | 51 | (* absorption *) 52 | while (xs <> []) { 53 | (sa, sc) <@ P.f(sa +^ head b0 xs, sc); 54 | xs <- behead xs; 55 | } 56 | (* squeezing *) 57 | while (i < (n + r - 1) %/ r) { 58 | z <- z ++ ofblock sa; 59 | i <- i + 1; 60 | if (i < (n + r - 1) %/ r) { 61 | (sa, sc) <@ P.f(sa, sc); 62 | } 63 | } 64 | 65 | return take n z; 66 | } 67 | }. 
68 | 69 | -------------------------------------------------------------------------------- /src/crypto_scalarmult/curve25519/mulx/x25519_sub.jazz: -------------------------------------------------------------------------------- 1 | #ifndef X25519_SUB 2 | #define X25519_SUB 3 | 4 | // h = f - g 5 | // h = (2**0*f0 + 2**64*f1 + 2**128*f2 + 2**192*f3) - 6 | // (2**0*g0 + 2**64*g1 + 2**128*g2 + 2**192*g3) 7 | // Four-limb subtraction with the borrow folded back in as a masked constant; the body has no branch, only loops over the inline counter i. The suffix letters follow the visible signatures: result, first operand, second operand, each r (reg) or s (stack). 8 | fn _fe64_sub_rrs 9 | ( reg u64[4] f, 10 | stack u64[4] g, 11 | reg u64 z 12 | ) -> reg u64[4] 13 | { 14 | inline int i; 15 | reg bool cf; 16 | reg u64[4] h; 17 | 18 | h = f; 19 | // limb-wise f - g, with the borrow carried in cf 20 | cf, h[0] -= g[0]; 21 | for i=1 to 4 22 | { cf, h[i] -= g[i] - cf; } 23 | // z - z - cf: 0 when there was no borrow, all ones when there was, whatever z held on entry; then masked to 38 24 | _, z -= z - cf; 25 | z &= 38; 26 | // a borrow means the limbs hold f - g + 2**256; presumably 38 is 2**256 mod 2**255 - 19, so subtracting it undoes the wrap -- confirm against the field definition 27 | cf, h[0] -= z; 28 | for i=1 to 4 29 | { cf, h[i] -= 0 - cf; } 30 | // that subtraction can borrow once more; the same masked 38 is then taken from the low limb only 31 | _, z -= z - cf; 32 | z &= 38; 33 | h[0] -= z; 34 | 35 | return h; 36 | } 37 | // stack/stack wrapper: zeroes z, loads fs into registers, calls _fe64_sub_rrs and stores the result back to the stack 38 | fn _fe64_sub_sss(stack u64[4] fs gs) -> stack u64[4] 39 | { 40 | stack u64[4] hs; 41 | reg u64[4] h f; 42 | reg u64 z; 43 | 44 | z = #set0(); 45 | f = fs; 46 | h = _fe64_sub_rrs(f, gs, z); 47 | hs = h; 48 | 49 | return hs; 50 | } 51 | // same call as _fe64_sub_sss but returns the register copy. NOTE(review): hs is declared and never used here. 52 | fn _fe64_sub_rss(stack u64[4] fs gs) -> reg u64[4] 53 | { 54 | stack u64[4] hs; 55 | reg u64[4] h f; 56 | reg u64 z; 57 | 58 | z = #set0(); 59 | f = fs; 60 | h = _fe64_sub_rrs(f, gs, z); 61 | 62 | return h; 63 | } 64 | // same steps as _fe64_sub_rrs with the operand kinds swapped: f is loaded from the stack, g is in registers, and z is zeroed locally 65 | fn _fe64_sub_rsr(stack u64[4] fs, reg u64[4] g) -> reg u64[4] 66 | { 67 | inline int i; 68 | reg bool cf; 69 | reg u64[4] h; 70 | reg u64 z; 71 | 72 | z = #set0(); 73 | h = fs; 74 | 75 | cf, h[0] -= g[0]; 76 | for i=1 to 4 77 | { cf, h[i] -= g[i] - cf; } 78 | 79 | _, z -= z - cf; 80 | z &= 38; 81 | 82 | cf, h[0] -= z; 83 | for i=1 to 4 84 | { cf, h[i] -= 0 - cf; } 85 | 86 | _, z -= z - cf; 87 | z &= 38; 88 | h[0] -= z; 89 | 90 | return h; 91 | } 92 | // stores the _fe64_sub_rsr result to the stack 93 | fn _fe64_sub_ssr(stack u64[4] fs, reg u64[4] g) -> stack u64[4] 94 | { 95 | stack u64[4] hs; 96 | reg u64[4] h; 97 | 98 | h = _fe64_sub_rsr(fs, g); 99 | hs = h; 100 | 101 | return hs; 102 | } 103 | 104 |
#endif 105 | -------------------------------------------------------------------------------- /bench/results/poly1305/README.md: -------------------------------------------------------------------------------- 1 | # Overview 2 | Cycles per byte over message length. 3 | 4 | # libjc 5 | ![libjc](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_cycles_32_16384.svg) 6 | 7 | # libjc / OpenSSL (static) 8 | ![libjc / OpenSSL (static)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_openssl_static_cycles_32_16384.svg) 9 | 10 | # libjc / OpenSSL (static/no-asm) 11 | ![libjc / OpenSSL (static/no-asm)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_openssl_static_no_asm_cycles_32_16384.svg) 12 | 13 | # libjc / Libsodium (static) 14 | ![libjc / Libsodium (static)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_libsodium_static_cycles_32_16384.svg) 15 | 16 | # libjc / Libsodium (static/disable-asm) 17 | ![libjc / Libsodium (static/disable-asm)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_libsodium_static_disable_asm_cycles_32_16384.svg) 18 | 19 | # libjc / Libsodium (static/disable-asm/CompCert 3.6) 20 | ![libjc / Libsodium (static/disable-asm/CompCert 3.6)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_libsodium_static_disable_asm_ccomp_cycles_32_16384.svg) 21 | 22 | # libjc / HACL* 23 | ![libjc / HACL*](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_hacl_star_gcc_cycles_32_16384.svg) 24 | 25 | # libjc / HACL* (CompCert 3.6) 26 | ![libjc / HACL* (CompCert 3.6)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_hacl_star_compcert_cycles_32_16384.svg) 27 | 28 | # libjc / Vale 29 | ![libjc / 
Vale](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_vale_cycles_32_16384.svg) 30 | 31 | # libjc / SUPERCOP 32 | ![libjc / SUPERCOP](https://github.com/tfaoliveira/libjc/blob/master/bench/results/poly1305/svg/poly1305_libjc_supercop_cycles_32_16384.svg) 33 | 34 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3256/avx2/sha3256.jazz: -------------------------------------------------------------------------------- 1 | #define KECCAK1600_ADD_FULL_BLOCK_IMPLEMENTATION 1 2 | // Variant-specific block absorption for the AVX2 layout: XORs input lanes read from in into state[0..6], then advances in and inlen by rate. 3 | u64 s_zero = 0; 4 | // NOTE(review): every load uses a fixed offset, 8*0 through 8*16, i.e. 17 u64 lanes or 136 bytes, and nothing in this function checks inlen; rate is used only to advance in and inlen. The caller has to guarantee inlen >= rate and rate = 136 -- confirm in keccak1600.jazz. s_state is returned untouched and a_jagged is not read. 5 | fn add_full_block( 6 | reg u256[7] state, 7 | stack u64[28] s_state, 8 | reg u64 a_jagged, 9 | reg u64 in inlen, 10 | reg u64 rate 11 | ) -> reg u256[7], stack u64[28], reg u64, reg u64 12 | { 13 | reg u256 a00, a01, a11, a21, a31; 14 | reg u256 t11 t41 t31 t21; 15 | reg u256 zero; 16 | reg u64 r10 r20 r30; 17 | stack u64[4] s20; 18 | // input lanes 5, 10 and 15 go through the stack array s20 so they can be XORed into state[2] as one u256; the remaining slot is zero 19 | r10 = [in + 8*5]; 20 | r20 = [in + 8*10]; 21 | r30 = [in + 8*15]; 22 | 23 | s20[0] = r20; 24 | s20[1] = 0; 25 | s20[2] = r10; 26 | s20[3] = r30; 27 | 28 | a00 = #VPBROADCAST_4u64([in + 8*0]); // (0,0) (0,0) (0,0) (0,0) 29 | a01 = (u256)[in + 8*1]; // (0,4) (0,3) (0,2) (0,1) 30 | 31 | state[0] ^= a00; 32 | state[1] ^= a01; 33 | state[2] ^= s20[u256 0]; 34 | 35 | a11 = (u256)[in + 8*6 ]; // (1,4) (1,3) (1,2) (1,1) 36 | a21 = (u256)[in + 8*11]; // (2,4) (2,3) (2,2) (2,1) 37 | a31 = #VPBROADCAST_4u64([in + 8*16]); // (3,1) (3,1) (3,1) (3,1) 38 | 39 | t41 = #VPBLENDD_256(a21, a11, (8u1)[1,1,0,0,0,0,1,1]); // (1,4) (2,3) (2,2) (1,1) 40 | t31 = #VPBLENDD_256(a21, a11, (8u1)[0,0,1,1,1,1,0,0]); // (2,4) (1,3) (1,2) (2,1) 41 | 42 | zero = #VPBROADCAST_4u64(s_zero); 43 | 44 | t11 = #VPBLENDD_256(t41, zero, (8u1)[1,1,1,1,0,0,0,0]); // ___ ___ (2,2) (1,1) 45 | t21 = #VPBLENDD_256(t31, zero, (8u1)[1,1,0,0,1,1,0,0]); // ___ (1,3) ___ (2,1) 46 | t31 = #VPBLENDD_256(t31, zero, (8u1)[0,0,1,1,0,0,1,1]); // (2,4) ___ (1,2) ___ 47 | 48 | state[6] ^= t11; 49 |
state[4] ^= t21; 50 | 51 | t41 = #VPBLENDD_256(t41, zero, (8u1)[0,0,0,0,1,1,1,1]); // (1,4) (2,3) ___ ___ 52 | t31 = #VPBLENDD_256(t31, a31, (8u1)[0,0,0,0,0,0,1,1]); // (2,4) ___ (1,2) (3,1) 53 | 54 | state[5] ^= t41; 55 | state[3] ^= t31; 56 | // step to the next block; the subtraction from inlen is unchecked here 57 | in += rate; 58 | inlen -= rate; 59 | 60 | return state, s_state, in, inlen; 61 | } 62 | 63 | #include "crypto_hash/keccak1600/avx2/keccak1600.jazz" 64 | -------------------------------------------------------------------------------- /src/crypto_hash/shake256/avx2/shake256.jazz: -------------------------------------------------------------------------------- 1 | #ifdef KECCAK_1600_SPECIFIC_IMPLEMENTATIONS 2 | #define KECCAK1600_ADD_FULL_BLOCK_IMPLEMENTATION 1 3 | 4 | u64 s_zero = 0; 5 | 6 | fn add_full_block( 7 | reg u256[7] state, 8 | stack u64[28] s_state, 9 | reg u64 a_jagged, 10 | reg u64 in inlen, 11 | reg u64 rate 12 | ) -> reg u256[7], stack u64[28], reg u64, reg u64 13 | { 14 | reg u256 a00, a01, a11, a21, a31; 15 | reg u256 t11 t41 t31 t21; 16 | reg u256 zero; 17 | reg u64 r10 r20 r30; 18 | stack u64[4] s20; 19 | 20 | r10 = [in + 8*5]; 21 | r20 = [in + 8*10]; 22 | r30 = [in + 8*15]; 23 | 24 | s20[0] = r20; 25 | s20[1] = 0; 26 | s20[2] = r10; 27 | s20[3] = r30; 28 | 29 | a00 = #VPBROADCAST_4u64([in + 8*0]); // (0,0) (0,0) (0,0) (0,0) 30 | a01 = (u256)[in + 8*1]; // (0,4) (0,3) (0,2) (0,1) 31 | 32 | state[0] ^= a00; 33 | state[1] ^= a01; 34 | state[2] ^= s20[u256 0]; 35 | 36 | a11 = (u256)[in + 8*6 ]; // (1,4) (1,3) (1,2) (1,1) 37 | a21 = (u256)[in + 8*11]; // (2,4) (2,3) (2,2) (2,1) 38 | a31 = #VPBROADCAST_4u64([in + 8*16]); // (3,1) (3,1) (3,1) (3,1) 39 | 40 | t41 = #VPBLENDD_256(a21, a11, (8u1)[1,1,0,0,0,0,1,1]); // (1,4) (2,3) (2,2) (1,1) 41 | t31 = #VPBLENDD_256(a21, a11, (8u1)[0,0,1,1,1,1,0,0]); // (2,4) (1,3) (1,2) (2,1) 42 | 43 | zero = #VPBROADCAST_4u64(s_zero); 44 | 45 | t11 = #VPBLENDD_256(t41, zero, (8u1)[1,1,1,1,0,0,0,0]); // ___ ___ (2,2) (1,1) 46 | t21 = #VPBLENDD_256(t31, zero,
(8u1)[1,1,0,0,1,1,0,0]); // ___ (1,3) ___ (2,1) 47 | t31 = #VPBLENDD_256(t31, zero, (8u1)[0,0,1,1,0,0,1,1]); // (2,4) ___ (1,2) ___ 48 | 49 | state[6] ^= t11; 50 | state[4] ^= t21; 51 | 52 | t41 = #VPBLENDD_256(t41, zero, (8u1)[0,0,0,0,1,1,1,1]); // (1,4) (2,3) ___ ___ 53 | t31 = #VPBLENDD_256(t31, a31, (8u1)[0,0,0,0,0,0,1,1]); // (2,4) ___ (1,2) (3,1) 54 | 55 | state[5] ^= t41; 56 | state[3] ^= t31; 57 | 58 | in += rate; 59 | inlen -= rate; 60 | 61 | return state, s_state, in, inlen; 62 | } 63 | #endif 64 | 65 | #include "crypto_hash/keccak1600/avx2/keccak1600.jazz" 66 | -------------------------------------------------------------------------------- /src/crypto_hash/shake128/avx2/shake128.jazz: -------------------------------------------------------------------------------- 1 | #define KECCAK1600_ADD_FULL_BLOCK_IMPLEMENTATION 1 2 | 3 | u64 s_zero = 0; 4 | 5 | fn add_full_block( 6 | reg u256[7] state, 7 | stack u64[28] s_state, 8 | reg u64 a_jagged, 9 | reg u64 in inlen, 10 | reg u64 rate 11 | ) -> reg u256[7], stack u64[28], reg u64, reg u64 12 | { 13 | reg u256 a00 a01 a11 a21 a31 a32; 14 | reg u256 t11 t41 t31 t21; 15 | reg u256 zero; 16 | reg u64 r10 r20 r30 r40; 17 | stack u64[4] s20; 18 | 19 | r10 = [in + 8*5]; 20 | r20 = [in + 8*10]; 21 | r30 = [in + 8*15]; 22 | r40 = [in + 8*20]; 23 | 24 | s20[0] = r20; 25 | s20[1] = r40; 26 | s20[2] = r10; 27 | s20[3] = r30; 28 | 29 | a00 = #VPBROADCAST_4u64([in + 8*0]); // (0,0) (0,0) (0,0) (0,0) 30 | a01 = (u256)[in + 8*1]; // (0,4) (0,3) (0,2) (0,1) 31 | 32 | state[0] ^= a00; 33 | state[1] ^= a01; 34 | state[2] ^= s20[u256 0]; 35 | 36 | zero = #VPBROADCAST_4u64(s_zero); 37 | 38 | a11 = (u256)[in + 8*6 ]; // (1,4) (1,3) (1,2) (1,1) 39 | a21 = (u256)[in + 8*11]; // (2,4) (2,3) (2,2) (2,1) 40 | a31 = (u256)[in + 8*16]; // (3,4) (3,3) (3,2) (3,1) 41 | 42 | a32 = #VPBLENDD_256(a31, zero, (8u1)[1,1,0,0,0,0,1,1]); // ___ (3,3) (3,2) ___ 43 | a31 = #VPBLENDD_256(a31, zero, (8u1)[0,0,1,1,1,1,0,0]); // (3,4) ___ ___ (3,1) 44 | 
45 | t41 = #VPBLENDD_256(a21, a11, (8u1)[1,1,0,0,0,0,1,1]); // (1,4) (2,3) (2,2) (1,1) 46 | t31 = #VPBLENDD_256(a21, a11, (8u1)[0,0,1,1,1,1,0,0]); // (2,4) (1,3) (1,2) (2,1) 47 | 48 | 49 | t11 = #VPBLENDD_256(t41, a32, (8u1)[1,1,1,1,0,0,0,0]); // ___ (3,3) (2,2) (1,1) 50 | t21 = #VPBLENDD_256(t31, a31, (8u1)[1,1,0,0,1,1,0,0]); // (3,4) (1,3) ___ (2,1) 51 | t31 = #VPBLENDD_256(t31, a31, (8u1)[0,0,1,1,0,0,1,1]); // (2,4) ___ (1,2) (3,1) 52 | 53 | state[6] ^= t11; 54 | 55 | t41 = #VPBLENDD_256(t41, a32, (8u1)[0,0,0,0,1,1,1,1]); // (1,4) (2,3) (3,2) ___ 56 | 57 | state[4] ^= t21; 58 | state[3] ^= t31; 59 | state[5] ^= t41; 60 | 61 | in += rate; 62 | inlen -= rate; 63 | 64 | return state, s_state, in, inlen; 65 | } 66 | 67 | #include "crypto_hash/keccak1600/avx2/keccak1600.jazz" 68 | -------------------------------------------------------------------------------- /src/crypto_hash/sha3224/avx2/sha3224.jazz: -------------------------------------------------------------------------------- 1 | #define KECCAK1600_ADD_FULL_BLOCK_IMPLEMENTATION 1 2 | 3 | u64 s_zero = 0; 4 | 5 | fn add_full_block( 6 | reg u256[7] state, 7 | stack u64[28] s_state, 8 | reg u64 a_jagged, 9 | reg u64 in inlen, 10 | reg u64 rate 11 | ) -> reg u256[7], stack u64[28], reg u64, reg u64 12 | { 13 | reg u256 a00 a01 a11 a21 a31 a32; 14 | reg u256 t11 t41 t31 t21; 15 | reg u256 zero; 16 | reg u64 r10 r20 r30; 17 | stack u64[4] s20; 18 | 19 | r10 = [in + 8*5]; 20 | r20 = [in + 8*10]; 21 | r30 = [in + 8*15]; 22 | 23 | s20[0] = r20; 24 | s20[1] = 0; 25 | s20[2] = r10; 26 | s20[3] = r30; 27 | 28 | a00 = #VPBROADCAST_4u64([in + 8*0]); // (0,0) (0,0) (0,0) (0,0) 29 | a01 = (u256)[in + 8*1]; // (0,4) (0,3) (0,2) (0,1) 30 | 31 | state[0] ^= a00; 32 | state[1] ^= a01; 33 | state[2] ^= s20[u256 0]; 34 | 35 | zero = #VPBROADCAST_4u64(s_zero); 36 | 37 | a11 = (u256)[in + 8*6 ]; // (1,4) (1,3) (1,2) (1,1) 38 | a21 = (u256)[in + 8*11]; // (2,4) (2,3) (2,2) (2,1) 39 | a31 = #VPBROADCAST_2u128((u128)[in + 8*16]); // 
(3,2) (3,1) (3,2) (3,1) 40 | 41 | a32 = #VPBLENDD_256(a31, zero, (8u1)[1,1,1,1,0,0,1,1]); // ___ ___ (3,2) ___ 42 | a31 = #VPBLENDD_256(a31, zero, (8u1)[1,1,1,1,1,1,0,0]); // ___ ___ ___ (3,1) 43 | 44 | t41 = #VPBLENDD_256(a21, a11, (8u1)[1,1,0,0,0,0,1,1]); // (1,4) (2,3) (2,2) (1,1) 45 | t31 = #VPBLENDD_256(a21, a11, (8u1)[0,0,1,1,1,1,0,0]); // (2,4) (1,3) (1,2) (2,1) 46 | 47 | 48 | t11 = #VPBLENDD_256(t41, zero, (8u1)[1,1,1,1,0,0,0,0]); // ___ ___ (2,2) (1,1) 49 | t21 = #VPBLENDD_256(t31, zero, (8u1)[1,1,0,0,1,1,0,0]); // ___ (1,3) ___ (2,1) 50 | t31 = #VPBLENDD_256(t31, a31, (8u1)[0,0,1,1,0,0,1,1]); // (2,4) ___ (1,2) (3,1) 51 | 52 | state[6] ^= t11; 53 | 54 | t41 = #VPBLENDD_256(t41, a32, (8u1)[0,0,0,0,1,1,1,1]); // (1,4) (2,3) (3,2) ___ 55 | 56 | state[4] ^= t21; 57 | state[3] ^= t31; 58 | state[5] ^= t41; 59 | 60 | in += rate; 61 | inlen -= rate; 62 | 63 | return state, s_state, in, inlen; 64 | } 65 | 66 | #include "crypto_hash/keccak1600/avx2/keccak1600.jazz" 67 | -------------------------------------------------------------------------------- /bench/patch/20190110/crypto_hash/measure.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "kernelrandombytes.h" 3 | #include "cpucycles.h" 4 | #include "crypto_hash.h" 5 | #include "measure.h" 6 | 7 | const char *primitiveimplementation = crypto_hash_IMPLEMENTATION; 8 | const char *implementationversion = crypto_hash_VERSION; 9 | const char *sizenames[] = { "outputbytes", 0 }; 10 | const long long sizes[] = { crypto_hash_BYTES }; 11 | 12 | #define MAXTEST_BYTES 16384 13 | 14 | static unsigned char *h; 15 | static unsigned char *m; 16 | 17 | void preallocate(void) 18 | { 19 | } 20 | 21 | void allocate(void) 22 | { 23 | h = alignedcalloc(crypto_hash_BYTES); 24 | m = alignedcalloc(MAXTEST_BYTES); 25 | } 26 | 27 | #define WARM_TIMINGS (16) 28 | #define TIMINGS (256) 29 | #define LOOPS 3 30 | 31 | static long long cycles[TIMINGS + 1]; 32 | 33 | int 
update_increment_setup1(int mlen) 34 | { 35 | if(mlen < 64) 36 | return 1; 37 | if(mlen < 128) 38 | return 2; 39 | if(mlen < 256) 40 | return 4; 41 | if(mlen < 512) 42 | return 8; 43 | if(mlen < 1024) 44 | return 16; 45 | if(mlen < 2048) 46 | return 32; 47 | if(mlen < 4096) 48 | return 64; 49 | if(mlen < 8192) 50 | return 128; 51 | if(mlen < 16384) 52 | return 256; 53 | return 512; 54 | } 55 | 56 | int update_increment(int mlen) 57 | { 58 | return update_increment_setup1(mlen); 59 | } 60 | 61 | static void printcycles(long long mlen) 62 | { 63 | int i; 64 | for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; 65 | printentry(mlen,"cycles",cycles,TIMINGS); 66 | } 67 | 68 | void measure(void) 69 | { 70 | int i; 71 | int loop; 72 | int mlen; 73 | int inc = 1; 74 | 75 | for (loop = 0;loop < LOOPS;++loop) { 76 | for (mlen = 1;mlen <= MAXTEST_BYTES;mlen += inc) { 77 | 78 | kernelrandombytes(m,mlen); 79 | 80 | // warm up 81 | for (i = 0;i < WARM_TIMINGS;++i) { 82 | crypto_hash(h,m,mlen); 83 | } 84 | 85 | // measure 86 | for (i = 0;i <= TIMINGS;++i) { 87 | cycles[i] = cpucycles(); 88 | crypto_hash(h,m,mlen); 89 | } 90 | 91 | printcycles(mlen); 92 | 93 | inc = update_increment(mlen); 94 | } 95 | } 96 | } 97 | -------------------------------------------------------------------------------- /bench/patch/20190910/crypto_hash/measure.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "kernelrandombytes.h" 3 | #include "cpucycles.h" 4 | #include "crypto_hash.h" 5 | #include "measure.h" 6 | 7 | const char *primitiveimplementation = crypto_hash_IMPLEMENTATION; 8 | const char *implementationversion = crypto_hash_VERSION; 9 | const char *sizenames[] = { "outputbytes", 0 }; 10 | const long long sizes[] = { crypto_hash_BYTES }; 11 | 12 | #define MAXTEST_BYTES 16384 13 | 14 | static unsigned char *h; 15 | static unsigned char *m; 16 | 17 | void preallocate(void) 18 | { 19 | } 20 | 21 | void allocate(void) 22 | { 
23 | h = alignedcalloc(crypto_hash_BYTES); 24 | m = alignedcalloc(MAXTEST_BYTES); 25 | } 26 | 27 | #define WARM_TIMINGS (16) 28 | #define TIMINGS (256) 29 | #define LOOPS 3 30 | 31 | static long long cycles[TIMINGS + 1]; 32 | 33 | int update_increment_setup1(int mlen) 34 | { 35 | if(mlen < 64) 36 | return 1; 37 | if(mlen < 128) 38 | return 2; 39 | if(mlen < 256) 40 | return 4; 41 | if(mlen < 512) 42 | return 8; 43 | if(mlen < 1024) 44 | return 16; 45 | if(mlen < 2048) 46 | return 32; 47 | if(mlen < 4096) 48 | return 64; 49 | if(mlen < 8192) 50 | return 128; 51 | if(mlen < 16384) 52 | return 256; 53 | return 512; 54 | } 55 | 56 | int update_increment(int mlen) 57 | { 58 | return update_increment_setup1(mlen); 59 | } 60 | 61 | static void printcycles(long long mlen) 62 | { 63 | int i; 64 | for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; 65 | printentry(mlen,"cycles",cycles,TIMINGS); 66 | } 67 | 68 | void measure(void) 69 | { 70 | int i; 71 | int loop; 72 | int mlen; 73 | int inc = 1; 74 | 75 | for (loop = 0;loop < LOOPS;++loop) { 76 | for (mlen = 1;mlen <= MAXTEST_BYTES;mlen += inc) { 77 | 78 | kernelrandombytes(m,mlen); 79 | 80 | // warm up 81 | for (i = 0;i < WARM_TIMINGS;++i) { 82 | crypto_hash(h,m,mlen); 83 | } 84 | 85 | // measure 86 | for (i = 0;i <= TIMINGS;++i) { 87 | cycles[i] = cpucycles(); 88 | crypto_hash(h,m,mlen); 89 | } 90 | 91 | printcycles(mlen); 92 | 93 | inc = update_increment(mlen); 94 | } 95 | } 96 | } 97 | -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- 1 | # -*- Makefile -*- 2 | 3 | # -------------------------------------------------------------------- 4 | SUBDIRS := \ 5 | crypto_core/keccakf160064bits/ref \ 6 | crypto_core/keccakf160064bits/scalar \ 7 | crypto_core/keccakf160064bits/avx2 \ 8 | crypto_core/keccakf160064bits/avx2_openssl \ 9 | \ 10 | crypto_hash/keccak1600/ref \ 11 | 
crypto_hash/keccak1600/scalar \ 12 | crypto_hash/keccak1600/avx2 \ 13 | \ 14 | crypto_hash/sha3224/scalar \ 15 | crypto_hash/sha3224/avx2 \ 16 | \ 17 | crypto_hash/sha3256/scalar \ 18 | crypto_hash/sha3256/avx2 \ 19 | \ 20 | crypto_hash/sha3384/scalar \ 21 | crypto_hash/sha3384/avx2 \ 22 | \ 23 | crypto_hash/sha3512/scalar \ 24 | crypto_hash/sha3512/avx2 \ 25 | \ 26 | crypto_hash/shake128/scalar \ 27 | crypto_hash/shake128/avx2 \ 28 | \ 29 | crypto_hash/shake256/ref \ 30 | crypto_hash/shake256/scalar \ 31 | crypto_hash/shake256/avx2 \ 32 | \ 33 | crypto_onetimeauth/poly1305/ref3 \ 34 | crypto_onetimeauth/poly1305/avx \ 35 | crypto_onetimeauth/poly1305/avx2 \ 36 | \ 37 | crypto_stream/chacha20/ref \ 38 | crypto_stream/chacha20/avx \ 39 | crypto_stream/chacha20/avx2 \ 40 | \ 41 | crypto_scalarmult/curve25519/ref4 \ 42 | crypto_scalarmult/curve25519/mulx 43 | 44 | # -------------------------------------------------------------------- 45 | SRC := $(shell find crypto_* -name '*.c') 46 | ASM := $(shell find crypto_* -name '*.s') 47 | OBJ := $(SRC:%.c=_build/%.o) $(ASM:%.s=_build/%.o) 48 | AS := as 49 | CC := gcc 50 | CFLAGS := -Wall -Ofast 51 | 52 | # -------------------------------------------------------------------- 53 | .PHONY: default clean __real_libjc __force 54 | 55 | default: libjc.a 56 | 57 | jasmin: 58 | for i in $(SUBDIRS); do $(MAKE) -C $$i; done 59 | 60 | libjc.a: jasmin __force 61 | $(MAKE) __real_libjc 62 | 63 | __real_libjc: $(OBJ) 64 | ar -rc libjc.a $(OBJ) && ranlib libjc.a 65 | 66 | _build/%.c: %.c 67 | @mkdir -p _build/`dirname $<`; cp $< _build/`dirname $<` 68 | @echo '$< --> _build/' 69 | 70 | _build/%.s: %.s 71 | @mkdir -p _build/`dirname $<`; cp $< _build/`dirname $<` 72 | @echo '$< --> _build/' 73 | 74 | clean: 75 | for i in $(SUBDIRS); do $(MAKE) -C $$i clean; done 76 | rm -fr _build libjc.a 77 | -------------------------------------------------------------------------------- /bench/results/chacha20/README.md: 
-------------------------------------------------------------------------------- 1 | # Overview 2 | Cycles per byte over message length. 3 | 4 | # libjc 5 | ![libjc](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_xor_cycles_32_16384.svg) 6 | 7 | # libjc / OpenSSL (static) 8 | ![libjc / OpenSSL (static)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_openssl_static_xor_cycles_32_16384.svg) 9 | 10 | # libjc / OpenSSL (static/no-asm) 11 | ![libjc / OpenSSL (static/no-asm)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_openssl_static_no_asm_xor_cycles_32_16384.svg) 12 | 13 | # libjc / Libsodium (static) 14 | ![libjc / Libsodium (static)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_libsodium_static_xor_cycles_32_16384.svg) 15 | 16 | # libjc / Libsodium (static/disable-asm) 17 | ![libjc / Libsodium (static/disable-asm)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_libsodium_static_disable_asm_xor_cycles_32_16384.svg) 18 | 19 | # libjc / Libsodium (static/disable-asm/CompCert 3.6) 20 | ![libjc / Libsodium (static/disable-asm/CompCert 3.6)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_libsodium_static_disable_asm_ccomp_xor_cycles_32_16384.svg) 21 | 22 | # libjc / HACL* 23 | ![libjc / HACL*](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_hacl_star_gcc_xor_cycles_32_16384.svg) 24 | 25 | # libjc / HACL* (CompCert 3.6) 26 | ![libjc / HACL* (CompCert 3.6)](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_hacl_star_compcert_xor_cycles_32_16384.svg) 27 | 28 | # libjc / Usuba 29 | ![libjc / Usuba](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_usuba_xor_cycles_32_16384.svg) 30 | 31 | #
libjc / SUPERCOP 32 | ![libjc / SUPERCOP](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_supercop_xor_cycles_32_16384.svg) 33 | 34 | # libjc / SUPERCOP 35 | ![libjc / SUPERCOP](https://github.com/tfaoliveira/libjc/blob/master/bench/results/chacha20/svg/chacha20_libjc_supercop_v2_xor_cycles_32_16384.svg) 36 | 37 | -------------------------------------------------------------------------------- /proof/crypto_core/keccakf160064bits/Keccakf1600_pref_op.ec: -------------------------------------------------------------------------------- 1 | require import List Int IntExtra IntDiv CoreMap. 2 | from Jasmin require import JModel. 3 | 4 | require import Array5 Array24 Array25. 5 | require import WArray40 WArray192 WArray200. 6 | require import Ops. 7 | require import Keccakf1600_sref. 8 | 9 | op iotas : W64.t Array24.t = (( 10 | witness 11 | .[0 <- W64.one] 12 | .[1 <- W64.of_int 32898] 13 | .[2 <- W64.of_int 9223372036854808714] 14 | .[3 <- W64.of_int 9223372039002292224] 15 | .[4 <- W64.of_int 32907] 16 | .[5 <- W64.of_int 2147483649] 17 | .[6 <- W64.of_int 9223372039002292353] 18 | .[7 <- W64.of_int 9223372036854808585] 19 | .[8 <- W64.of_int 138] 20 | .[9 <- W64.of_int 136] 21 | .[10 <- W64.of_int 2147516425] 22 | .[11 <- W64.of_int 2147483658] 23 | .[12 <- W64.of_int 2147516555] 24 | .[13 <- W64.of_int 9223372036854775947] 25 | .[14 <- W64.of_int 9223372036854808713] 26 | .[15 <- W64.of_int 9223372036854808579] 27 | .[16 <- W64.of_int 9223372036854808578] 28 | .[17 <- W64.of_int 9223372036854775936] 29 | .[18 <- W64.of_int 32778] 30 | .[19 <- W64.of_int 9223372039002259466] 31 | .[20 <- W64.of_int 9223372039002292353] 32 | .[21 <- W64.of_int 9223372036854808704] 33 | .[22 <- W64.of_int 2147483649] 34 | .[23 <- W64.of_int 9223372039002292232])%Array24). 
(* Mrefop: a variant of module M in which the two procedures named after
   the `-` in the include clause are redefined below; every other
   procedure is taken from M (NOTE(review): this reads the clause as an
   exclusion list, which matches the two redefinitions - confirm).
   The point of the variant is that the round constants come from the
   operator `iotas` defined earlier in this file. *)
module Mrefop = {
  include M [-keccakRoundConstants,__keccakf1600_ref]

  (* Returns the 24 round constants as the fixed operator `iotas`. *)
  proc keccakRoundConstants () : W64.t Array24.t = {
    return iotas;
  }

  (* Applies keccakP1600_round 24 times to `state`, passing
     constants.[round] for round = 0 .. 23, and returns the result. *)
  proc __keccakf1600_ref (state:W64.t Array25.t) : W64.t Array25.t = {
    (* declared but not used in this body *)
    var aux: int;

    var constants:W64.t Array24.t;
    var round:int;
    constants <- witness;
    constants <@ keccakRoundConstants ();
    round <- 0;
    while (round < 24) {
      state <@ keccakP1600_round (state, constants.[round]);
      round <- round + 1;
    }
    return (state);
  }
}.

(* ref_refop: M.__keccakf1600_ref and Mrefop.__keccakf1600_ref, started
   from equal memory and equal arguments, end with equal memory and equal
   results.
   Proof outline: `seq 3 3` pairs the first three statements of each side
   and requires equal `round` and `constants` afterwards; that goal is
   closed by inlining the calls and `auto`, so it is the step that ties
   the constants produced by M to `iotas`. The remaining loop and return
   are closed by `sim`. *)
equiv ref_refop :
  M.__keccakf1600_ref ~ Mrefop.__keccakf1600_ref :
  ={Glob.mem,arg} ==> ={Glob.mem,res}.
proc.
seq 3 3 : (#pre /\ ={round, constants}).
by inline *;auto => />.
by sim.
qed.
-------------------------------------------------------------------------------- /proof/crypto_hash/keccak1600/Indifferentiability.eca: --------------------------------------------------------------------------------
(** A primitive: the building block we assume ideal **)
type p.

(* Full interface of the primitive: initialisation plus the two
   procedures f and fi, both of type p -> p. *)
module type PRIMITIVE = {
  proc init(): unit
  proc f(x : p): p
  proc fi(x : p): p
}.

(* Same as PRIMITIVE without init. This is the interface handed to
   constructions and distinguishers below, so they cannot re-initialise
   the primitive. *)
module type DPRIMITIVE = {
  proc f(x : p): p
  proc fi(x : p): p
}.

(** A functionality: the target construction **)
type f_in, f_out.

(* Full interface of the functionality: initialisation plus f. *)
module type FUNCTIONALITY = {
  proc init(): unit
  proc f(x : f_in): f_out
}.

(* Same as FUNCTIONALITY without init; the interface handed to simulators
   and distinguishers. *)
module type DFUNCTIONALITY = {
  proc f(x : f_in): f_out
}.

(** A construction takes a primitive and builds a functionality.
    A simulator takes a functionality and simulates the primitive.
    A distinguisher gets oracle access to a primitive and a
    functionality and returns a boolean (its guess as to whether it
    is playing with constructed functionality and ideal primitive or
    with ideal functionality and simulated primitive). **)
(* The braces after each procedure list the oracle procedures it may
   call: init calls none, f may call P.f only (not P.fi). *)
module type CONSTRUCTION (P : DPRIMITIVE) = {
  proc init() : unit {}
  proc f(x : f_in): f_out { P.f }
}.

(* The simulator exposes the primitive's interface; its init calls no
   oracle, and both f and fi may call F.f. *)
module type SIMULATOR (F : DFUNCTIONALITY) = {
  proc init() : unit { }
  proc f(x : p) : p { F.f }
  proc fi(x : p) : p { F.f }
}.

(* The distinguisher sees only the init-free interfaces of both oracles. *)
module type DISTINGUISHER (F : DFUNCTIONALITY, P : DPRIMITIVE) = {
  proc distinguish(): bool
}.

(* The indifferentiability game: initialise the primitive, then the
   functionality, run the distinguisher against both and return its
   guess. *)
module Indif (F : FUNCTIONALITY, P : PRIMITIVE, D : DISTINGUISHER) = {
  proc main(): bool = {
    var b;

    P.init();
    F.init();
    b <@ D(F,P).distinguish();
    return b;
  }
}.

(* Using the name Real can be a bad idea, since it can clash with the theory Real *)
(* GReal: the game played with the construction C(P) and the primitive P.
   GIdeal: the game played with the functionality F and the simulator
   S(F) standing in for the primitive. *)
module GReal(C : CONSTRUCTION, P : PRIMITIVE) = Indif(C(P),P).
module GIdeal(F : FUNCTIONALITY, S : SIMULATOR) = Indif(F,S(F)).

(* (C <: CONSTRUCTION) applied to (P <: PRIMITIVE) is indifferentiable
   from (F <: FUNCTIONALITY) if there exists (S <: SIMULATOR) such
   that, for all (D <: DISTINGUISHER),
      | Pr[Real(P,C,D): res] - Pr[Ideal(F,S,D): res] | is small.
   We avoid the existential by providing a concrete construction for S
   and the `small` by providing a concrete bound. *)
(* NOTE(review): `Real` and `Ideal` in the formula above are the modules
   this file defines as GReal and GIdeal; GReal takes the construction
   before the primitive, i.e. GReal(C,P) then D. *)
-------------------------------------------------------------------------------- /bench/results/keccak/README.md: -------------------------------------------------------------------------------- 1 | # Overview 2 | Cycles per byte over message length.
3 | 4 | # shake256 5 | ## libjc / OpenSSL 6 | ![shake256 - libjc / OpenSSL](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/shake256_openssl_cycles_128_16384.svg) 7 | ## libjc / EverCrypt 8 | ![shake256 - libjc / EverCrypt](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/shake256_evercrypt_cycles_128_16384.svg) 9 | 10 | 11 | 12 | # shake128 13 | ## libjc / OpenSSL 14 | ![shake128 - libjc / OpenSSL](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/shake128_openssl_cycles_128_16384.svg) 15 | ## libjc / EverCrypt 16 | ![shake128 - libjc / EverCrypt](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/shake128_evercrypt_cycles_128_16384.svg) 17 | 18 | 19 | # sha3-512 20 | ## libjc / OpenSSL 21 | ![sha3-512 - libjc / OpenSSL](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/sha3512_openssl_cycles_128_16384.svg) 22 | ## libjc / EverCrypt 23 | ![sha3-512 - libjc / EverCrypt](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/sha3512_evercrypt_cycles_128_16384.svg) 24 | 25 | 26 | # sha3-384 27 | ## libjc / OpenSSL 28 | ![sha3-384 - libjc / OpenSSL](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/sha3384_openssl_cycles_128_16384.svg) 29 | ## libjc / EverCrypt 30 | ![sha3-384 - libjc / EverCrypt](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/sha3384_evercrypt_cycles_128_16384.svg) 31 | 32 | 33 | # sha3-256 34 | ## libjc / OpenSSL 35 | ![sha3-256 - libjc / OpenSSL](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/sha3256_openssl_cycles_128_16384.svg) 36 | ## libjc / EverCrypt 37 | ![sha3-256 - libjc / EverCrypt](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/sha3256_evercrypt_cycles_128_16384.svg) 38 | 39 | 40 | # sha3-224 41 | ## libjc / OpenSSL 42 | ![sha3-224 - libjc /
OpenSSL](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/sha3224_openssl_cycles_128_16384.svg) 43 | ## libjc / EverCrypt 44 | ![sha3-224 - libjc / OpenSSL](https://github.com/tfaoliveira/libjc/blob/master/bench/results/keccak/svg/sha3224_evercrypt_cycles_128_16384.svg) 45 | 46 | 47 | -------------------------------------------------------------------------------- /src/crypto_scalarmult/curve25519/mulx/x25519_invert.jazz: --------------------------------------------------------------------------------
#ifndef X25519_INVERT
#define X25519_INVERT
#include "x25519_sqr.jazz"
#include "x25519_mul.jazz"

// supercop * / crypto_scalarmult / curve25519 ref10 implementation
//
// _fe64_invert: field inversion by exponentiation. The step comments
// name each intermediate as a power of the input z1 = f:
//   zN     = z1^N
//   z_a_b  = z1^(2^a - 2^b)
// and the last step produces z_255_21 = z1^(2^255 - 21), which is
// returned. For the curve25519 prime p = 2^255 - 19 that exponent is
// p - 2, so for nonzero f the result is the inverse; an input of 0
// yields 0 rather than an error.
//
// The sequence of squarings and multiplications is fixed: every
// iteration count passed to _fe64_it_sqr is a literal (4, 10, 20, 10,
// 50, 100, 50, 4) and no branch in this function depends on f.
// NOTE(review): whether _fe64_sqr_rr, _fe64_mul_rsr and _fe64_it_sqr are
// themselves free of data-dependent timing has to be checked in
// x25519_sqr.jazz and x25519_mul.jazz; it is not visible here.
//
// NOTE(review): the comments assume _fe64_it_sqr(i, x) squares x i
// times; the "^2^5" steps are written as one _fe64_sqr_rr plus
// _fe64_it_sqr with i = 4 - confirm against x25519_sqr.jazz.
fn _fe64_invert(reg u64[4] f) -> reg u64[4]
{
  stack u64 i;
  // fs, t0s, t1s, t2s hold stack copies of values that are needed again
  // later as the first operand of _fe64_mul_rsr; t3s is declared but not
  // used in this body.
  stack u64[4] fs t0s t1s t2s t3s;
  reg u64[4] t0 t1 t2 t3;

  fs = f;

  // z2 = z1^2^1
  t0 = _fe64_sqr_rr(f);
  t0s = t0;

  // z8 = z2^2^2
  t1 = _fe64_sqr_rr(t0);
  t1 = _fe64_sqr_rr(t1);

  // z9 = z1*z8
  t1 = _fe64_mul_rsr(fs,t1);
  t1s = t1;

  // z11 = z2*z9
  // (kept in t0s until the final multiplication)
  t0 = _fe64_mul_rsr(t0s,t1);
  t0s = t0;

  // z22 = z11^2^1
  t2 = _fe64_sqr_rr(t0);

  // z_5_0 = z9*z22
  t1 = _fe64_mul_rsr(t1s,t2);
  t1s = t1;

  // z_10_5 = z_5_0^2^5
  t2 = _fe64_sqr_rr(t1);
  i = 4; i, t2 = _fe64_it_sqr(i, t2);
  t2s = t2;

  // z_10_0 = z_10_5*z_5_0
  t1 = _fe64_mul_rsr(t1s,t2);
  t1s = t1;

  // z_20_10 = z_10_0^2^10
  i = 10; i, t2 = _fe64_it_sqr(i, t1);

  // z_20_0 = z_20_10*z_10_0
  t2 = _fe64_mul_rsr(t1s,t2);
  t2s = t2;

  // z_40_20 = z_20_0^2^20
  i = 20; i, t3 = _fe64_it_sqr(i, t2);

  // z_40_0 = z_40_20*z_20_0
  t2 = _fe64_mul_rsr(t2s,t3);

  // z_50_10 = z_40_0^2^10
  i = 10; i, t2 = _fe64_it_sqr(i, t2);

  // z_50_0 = z_50_10*z_10_0
  t1 = _fe64_mul_rsr(t1s,t2);
  t1s = t1;

  // z_100_50 = z_50_0^2^50
  i = 50; i, t2 = _fe64_it_sqr(i, t1);

  // z_100_0 = z_100_50*z_50_0
  t2 = _fe64_mul_rsr(t1s,t2);
  t2s = t2;

  // z_200_100 = z_100_0^2^100
  i = 100; i, t3 = _fe64_it_sqr(i, t2);

  // z_200_0 = z_200_100*z_100_0
  t2 = _fe64_mul_rsr(t2s,t3);

  // z_250_50 = z_200_0^2^50
  i = 50; i, t2 = _fe64_it_sqr(i, t2);

  // z_250_0 = z_250_50*z_50_0
  t1 = _fe64_mul_rsr(t1s,t2);

  // z_255_5 = z_250_0^2^5
  i = 4; i, t1 = _fe64_it_sqr(i, t1);
  t1 = _fe64_sqr_rr(t1);

  // z_255_21 = z_255_5*z11
  t1 = _fe64_mul_rsr(t0s,t1);

  return t1;
}

#endif
--------------------------------------------------------------------------------