Clang 5.0/6.0, CHAM-64/ECB and failed self test at -O1 #677

Closed
noloader opened this issue Jun 30, 2018 · 1 comment

commented Jun 30, 2018

We are experiencing a failed self test using Clang 5.0/6.0 for CHAM-64/ECB at -O1 on Intel platforms. The Intel platforms engage SSSE3 instructions. Clang at other optimization levels is OK. Other compilers are OK.

Here is how to reproduce with the library. We have not been able to reduce it to a Minimal, Complete, and Verifiable example for Clang. We attempted to clear it two times with no joy. First, Commit 1be58db82868, which avoids some casts that are typically present in SSE code. Second, Commit 810f5c185991, which avoids casting among types.

In the output below, notice the "incorrectly decrypted". That means the encryptor worked fine because encryption is the first test performed on the data. The problem is in the decryptor.

$ make distclean
$ CXX=clang++ CXXFLAGS="-g2 -O1" make -j 5

$ ./cryptest.exe tv cham
Using seed: 1530401073

Testing SymmetricCipher algorithm CHAM-64/ECB.

incorrectly decrypted: C73FEFF35B67E0A8
AlgorithmType: SymmetricCipher
Ciphertext: 453c 63bc dcfa bf4e
Comment: CHAM-64/ECB, 128-bit key
Key: 0100 0302 0504 0706 0908 0b0a 0d0c 0f0e
Name: CHAM-64/ECB
Plaintext: 1100 3322 5544 7766
Source: CHAM paper, Appendix A, test vector 1
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 9D4DB8AF2B142E2C
AlgorithmType: SymmetricCipher
Ciphertext: ceda d4dc 00e3 800d
Comment: CHAM-64/ECB, 128-bit key
Key: 0277 0a9e a270 1fed 460c c269 9163 e519
Name: CHAM-64/ECB
Plaintext: 704a 4e91 eb9b 688d
Source: CHAM reference implementation
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 91D64CC6A4EB2057
AlgorithmType: SymmetricCipher
Ciphertext: e1af b96f 3079 4233
Comment: CHAM-64/ECB, 128-bit key
Key: 24cd a3e2 c167 92f3 40b6 0017 cabc 07c4
Name: CHAM-64/ECB
Plaintext: 115a 31e5 ee65 87f7
Source: CHAM reference implementation
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: A51E08D673F6BE9D
AlgorithmType: SymmetricCipher
Ciphertext: 280d 763b 931b da81
Comment: CHAM-64/ECB, 128-bit key
Key: 0914 eef6 827c 21b9 c697 05ce b28b 7dd5
Name: CHAM-64/ECB
Plaintext: e722 2e2b 0f2c ee49
Source: CHAM reference implementation
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 72C550E28939BDC9
AlgorithmType: SymmetricCipher
Ciphertext: 0277 8604 1b15 8cb9
Comment: CHAM-64/ECB, 128-bit key
Key: 2fa2 fb02 1cd5 9124 ee27 1ec9 7307 6a13
Name: CHAM-64/ECB
Plaintext: 9fc0 8c64 f9f9 8163
Source: CHAM reference implementation
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 37D7158F62253EAC
AlgorithmType: SymmetricCipher
Ciphertext: 5684 2bf7 606d 67f8
Comment: CHAM-64/ECB, 128-bit key
Key: 6035 af8d 6d97 6a47 1bc9 cb88 1a4a f2aa
Name: CHAM-64/ECB
Plaintext: 657b 5980 aad8 468b
Source: CHAM reference implementation
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 18B8306992E639F3
AlgorithmType: SymmetricCipher
Ciphertext: 9263 2bf9 9819 783a
Comment: CHAM-64/ECB, 128-bit key
Key: be3a cf23 eda6 9014 023e 098b 37c3 9b9e
Name: CHAM-64/ECB
Plaintext: ff83 911e 2f35 84a5
Source: CHAM reference implementation
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 64DDFAC57B359503
AlgorithmType: SymmetricCipher
Ciphertext: f810 fad0 80f0 19bd
Comment: CHAM-64/ECB, 128-bit key
Key: ffde 8a15 21c5 fb5e b6b1 1ec9 05aa c629
Name: CHAM-64/ECB
Plaintext: 7802 c7a5 d52f 1868
Source: CHAM reference implementation
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 4245EF2E6E891989
AlgorithmType: SymmetricCipher
Ciphertext: e733 fd94 c357 d36c
Comment: CHAM-64/ECB, 128-bit key
Key: fc25 b83f 5058 9cb6 fe7a 5d6c 1635 5cfd
Name: CHAM-64/ECB
Plaintext: 1ab2 1791 a5d3 05aa
Source: CHAM reference implementation
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: E99358A91FB913D3
AlgorithmType: SymmetricCipher
Ciphertext: 5bc2 2475 f93f 6cc8
Comment: CHAM-64/ECB, 128-bit key
Key: fae3 5e23 e357 3e33 4468 c725 80e5 4a6e
Name: CHAM-64/ECB
Plaintext: 5dc5 c55f 6b8d 31e2
Source: CHAM reference implementation
Test: Encrypt

Test FAILED.
Skipping to next test.

Testing SymmetricCipher algorithm CHAM-128/ECB.
....................
Testing SymmetricCipher algorithm CHAM-64/CTR.
..........
Testing SymmetricCipher algorithm CHAM-128/CTR.
....................
Tests complete. Total tests = 60. Failed tests = 10.
SOME TESTS FAILED!
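
An added example, not Crypto++ code and not part of the issue: a scalar (non-SIMD) CHAM-64/128 checked in both directions against the first vector in the output above, as an independent reference to compare a vectorized decryptor against. It assumes the 80-round parameter set of the original CHAM paper and reads the vector as 16-bit words; all function and type names are hypothetical.

```cpp
#include <array>
#include <cstdint>
// Added example with hypothetical names: scalar CHAM-64/128 on 16-bit words.
using Block = std::array<uint16_t, 4>;
using Key = std::array<uint16_t, 8>;
using RoundKeys = std::array<uint16_t, 16>;
constexpr unsigned kRounds = 80;  // assumed: round count of the original CHAM paper
static uint16_t rotl16(uint16_t v, unsigned r) {  // r is always in 1..15 here
    return static_cast<uint16_t>((v << r) | (v >> (16 - r)));
}

RoundKeys cham64_schedule(const Key& k) {
    RoundKeys rk{};
    for (unsigned i = 0; i < 8; ++i) {
        rk[i] = static_cast<uint16_t>(k[i] ^ rotl16(k[i], 1) ^ rotl16(k[i], 8));
        rk[(i + 8) ^ 1] = static_cast<uint16_t>(k[i] ^ rotl16(k[i], 1) ^ rotl16(k[i], 11));
    }
    return rk;
}

Block cham64_encrypt(const RoundKeys& rk, Block x) {
    for (unsigned i = 0; i < kRounds; ++i) {
        const unsigned r1 = (i & 1) ? 8 : 1, r2 = (i & 1) ? 1 : 8;
        const auto sum = static_cast<uint16_t>((x[0] ^ i) + (rotl16(x[1], r1) ^ rk[i % 16]));
        x = Block{x[1], x[2], x[3], rotl16(sum, r2)};
    }
    return x;
}

Block cham64_decrypt(const RoundKeys& rk, Block x) {
    for (unsigned i = kRounds; i-- > 0;) {  // undo the rounds in reverse order
        const unsigned r1 = (i & 1) ? 8 : 1, r2 = (i & 1) ? 1 : 8;
        const uint16_t sum = rotl16(x[3], 16 - r2);  // rotate right by r2
        const auto x0 = static_cast<uint16_t>((sum - (rotl16(x[0], r1) ^ rk[i % 16])) ^ i);
        x = Block{x0, x[0], x[1], x[2]};
    }
    return x;
}

enum class SelfTest { Pass, EncryptFailed, DecryptFailed };  // reports which direction broke
// Known-answer test using "CHAM paper, Appendix A, test vector 1" from the output above.
SelfTest cham64_self_test() {
    const RoundKeys rk = cham64_schedule(
        Key{0x0100, 0x0302, 0x0504, 0x0706, 0x0908, 0x0b0a, 0x0d0c, 0x0f0e});
    const Block pt{0x1100, 0x3322, 0x5544, 0x7766}, ct{0x453c, 0x63bc, 0xdcfa, 0xbf4e};
    if (cham64_encrypt(rk, pt) != ct) return SelfTest::EncryptFailed;
    if (cham64_decrypt(rk, ct) != pt) return SelfTest::DecryptFailed;
    return SelfTest::Pass;
}
int main() { return cham64_self_test() == SelfTest::Pass ? 0 : 1; }
```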

noloader added a commit that referenced this issue Jul 1, 2018

Fix bad CHAM-64/ECB decryption with Clang at -O1 (GH #677)
This changes both the encryption and decryption loops to perform 4 rounds per iteration rather than 8 rounds. Decryption was necessary for this bug. Encryption was included to keep things symmetrical in case of future maintenance.
commented Jul 1, 2018

Fixed at Commit aa80c7d4acb6. The aa80c7d change reduced the number of rounds per loop iteration from 8 to 4. But I don't know why it was the solution.

Reducing the rounds/iteration from 8 to 4 cost us about 0.9 cpb. In the big picture, 8 rounds performed at around 13.9 and 4 rounds perform at about 14.8 cpb. I don't like to give cycles back, but I'm not sure what else we can do.

noloader closed this Jul 1, 2018

noloader added a commit that referenced this issue Jul 4, 2018

Switch back to _mm_load_sd to load subkeys
We performed an intermediate copy while attempting to isolate GH #677.