Skip to content

common: Move backend includes into new backends.h shim#1692

Open
hanno-becker wants to merge 1 commit into
mainfrom
no_common
Open

common: Move backend includes into new backends.h shim#1692
hanno-becker wants to merge 1 commit into
mainfrom
no_common

Conversation

@hanno-becker
Copy link
Copy Markdown
Contributor

@hanno-becker hanno-becker commented May 12, 2026
edited
Loading

common.h previously pulled in MLK_CONFIG_ARITH_BACKEND_FILE and MLK_CONFIG_FIPS202_BACKEND_FILE for every translation unit, which caused gcc-4.8 / -O0 link failures when a TU was compiled in isolation without the backend (issue #1182).

Introduce mlkem/src/backends.h as the single shim that materialises backend metadata and the MLK_CHECK_APIS sanity includes. Consumer C files (compress.c, indcpa.c, poly.c, poly_k.c, sampling.c, fips202/keccakf1600.c) and backend-internal asm/C sources include backends.h instead of either the old common.h block or a direct ../meta.h / ../auto.h reference.

@hanno-becker hanno-becker force-pushed the no_common branch 6 times, most recently from 451a82a to f2bf5e8 Compare May 14, 2026 14:44
@oqs-bot
Copy link
Copy Markdown
Contributor

oqs-bot commented May 14, 2026
edited
Loading

CBMC Results (ML-KEM-768)

Full Results (191 proofs)
Proof Status Current Previous Change
**TOTAL** 1315s 1208s +8.9%
mlk_indcpa_keypair_derand 190s 186s +2%
mlk_indcpa_enc 178s 170s +5%
mlk_rej_uniform_c 137s 120s +14%
mlk_polyvec_basemul_acc_montgomery_cached_c 53s 43s +23%
mlk_ntt_layer 35s 33s +6%
mlk_poly_rej_uniform 34s 26s +31%
mlk_keccak_squeezeblocks_x4 28s 25s +12%
poly_ntt_native 27s 21s +29%
mlk_poly_reduce_native 22s 23s -4%
mlk_fqmul 20s 16s +25%
keccakf1600x4_permute_native_x4 18s 18s +0%
polyvec_basemul_acc_montgomery_cached_native 17s 17s +0%
mlk_indcpa_dec 14s 11s +27%
mlk_poly_decompress_d10_native 14s 15s -7%
mlk_poly_decompress_d4_native 14s 13s +8%
mlk_poly_frombytes_native 13s 7s +86%
mlk_keccak_squeezeblocks 10s 9s +11%
mlk_poly_frommsg 9s 9s +0%
mlk_polyvec_add 9s 9s +0%
mlk_keccak_squeeze_once 8s 8s +0%
mlk_poly_ntt 8s 7s +14%
mlk_ntt_butterfly_block 7s 9s -22%
rej_uniform_native_x86_64 7s 8s -12%
mlk_gen_matrix_serial 6s 2s +200%
mlk_invntt_layer 6s 4s +50%
mlk_keccak_absorb_once_x4 6s 5s +20%
mlk_keccakf1600_permute_c 6s 7s -14%
mlk_poly_rej_uniform_x4 6s 6s +0%
mlk_sha3_256 6s 1s +500%
poly_frombytes_native_x86_64 6s 5s +20%
kem_dec 5s 6s -17%
mlk_ct_memcmp 5s 1s +400%
mlk_gen_matrix 5s 3s +67%
mlk_poly_compress_d4 5s 1s +400%
mlk_poly_mulcache_compute_c 5s 2s +150%
mlk_poly_reduce_c 5s 3s +67%
mlk_poly_tobytes_c 5s 3s +67%
poly_compress_d4_native_x86_64 5s 3s +67%
poly_decompress_d4_native_x86_64 5s 3s +67%
keccak_f1600_x4_native_aarch64_v84a 4s 1s +300%
kem_check_pk 4s 2s +100%
mlk_ct_sel_int16 4s 3s +33%
mlk_ct_sel_uint8 4s 1s +300%
mlk_keccakf1600x4_extract_bytes_c 4s 1s +300%
mlk_keccakf1600x4_permute 4s 2s +100%
mlk_keypair_getnoise_eta1 4s 2s +100%
mlk_poly_decompress_d11_native 4s 2s +100%
mlk_poly_decompress_dv 4s 1s +300%
mlk_poly_getnoise_eta1_4x_native 4s 2s +100%
mlk_poly_tomont_c 4s 2s +100%
mlk_polymat_permute_bitrev_to_custom 4s 4s +0%
mlk_polyvec_mulcache_compute 4s 2s +100%
mlk_polyvec_permute_bitrev_to_custom_native 4s 2s +100%
mlk_scalar_compress_d1 4s 2s +100%
mlk_value_barrier_u8 4s 2s +100%
poly_decompress_d10_native_x86_64 4s 4s +0%
poly_invntt_tomont_native 4s 2s +100%
intt_native_aarch64 3s 1s +200%
intt_native_x86_64 3s 2s +50%
keccak_f1600_x1_native_aarch64 3s 1s +200%
keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid 3s 2s +50%
keccakf1600x4_xor_bytes_native 3s 2s +50%
kem_check_sk 3s 4s -25%
mlk_check_pct 3s 3s +0%
mlk_ct_cmask_nonzero_u16 3s 1s +200%
mlk_ct_get_optblocker_u32 3s 2s +50%
mlk_enc_getnoise_eta1_eta2 3s 4s -25%
mlk_keccak_absorb_once 3s 6s -50%
mlk_keccakf1600_extract_bytes (big endian) 3s 3s +0%
mlk_keccakf1600_xor_bytes 3s 1s +200%
mlk_keccakf1600x4_extract_bytes 3s 2s +50%
mlk_keccakf1600x4_xor_bytes 3s 3s +0%
mlk_poly_compress_d10_c 3s 3s +0%
mlk_poly_compress_d11 3s 4s -25%
mlk_poly_compress_d4_native 3s 2s +50%
mlk_poly_compress_d5_c 3s 2s +50%
mlk_poly_compress_du 3s 3s +0%
mlk_poly_decompress_d11 3s 1s +200%
mlk_poly_decompress_d5_c 3s 1s +200%
mlk_poly_frombytes 3s 3s +0%
mlk_poly_invntt_tomont 3s 2s +50%
mlk_poly_mulcache_compute 3s 4s -25%
mlk_poly_mulcache_compute_native 3s 2s +50%
mlk_poly_ntt_c 3s 2s +50%
mlk_poly_tomont_native 3s 2s +50%
mlk_poly_tomsg 3s 3s +0%
mlk_polyvec_frombytes 3s 2s +50%
mlk_polyvec_invntt_tomont 3s 3s +0%
mlk_polyvec_ntt 3s 3s +0%
mlk_scalar_compress_d11 3s 2s +50%
mlk_scalar_compress_d4 3s 2s +50%
mlk_scalar_decompress_d10 3s 3s +0%
mlk_scalar_decompress_d4 3s 3s +0%
mlk_scalar_decompress_d5 3s 2s +50%
mlk_shake128x4_absorb_once 3s 1s +200%
mlk_shake256x4 3s 3s +0%
mlk_value_barrier_u32 3s 1s +200%
ntt_native_aarch64 3s 1s +200%
nttunpack_native_x86_64 3s 4s -25%
poly_decompress_d11_native_x86_64 3s 4s -25%
poly_mulcache_compute_native_x86_64 3s 2s +50%
poly_tobytes_native_aarch64 3s 3s +0%
polyvec_basemul_acc_montgomery_cached_k2_native_aarch64 3s 3s +0%
polyvec_basemul_acc_montgomery_cached_k3_native_aarch64 3s 2s +50%
polyvec_basemul_acc_montgomery_cached_k4_native_aarch64 3s 3s +0%
sys_check_capability 3s 2s +50%
keccakf1600_permute_native 2s 1s +100%
kem_keypair 2s 3s -33%
mlk_barrett_reduce 2s 2s +0%
mlk_ct_cmask_neg_i16 2s 2s +0%
mlk_keccakf1600_extract_bytes 2s 2s +0%
mlk_keccakf1600_xor_bytes (big endian) 2s 3s -33%
mlk_keccakf1600x4_xor_bytes_c 2s 2s +0%
mlk_matvec_mul 2s 1s +100%
mlk_montgomery_reduce 2s 2s +0%
mlk_poly_add 2s 2s +0%
mlk_poly_cbd_eta1 2s 4s -50%
mlk_poly_compress_d10 2s 3s -33%
mlk_poly_compress_d11_native 2s 1s +100%
mlk_poly_compress_d4_c 2s 2s +0%
mlk_poly_compress_d5 2s 2s +0%
mlk_poly_compress_dv 2s 2s +0%
mlk_poly_decompress_d10 2s 2s +0%
mlk_poly_decompress_d10_c 2s 2s +0%
mlk_poly_decompress_d4_c 2s 2s +0%
mlk_poly_decompress_d5 2s 3s -33%
mlk_poly_decompress_d5_native 2s 1s +100%
mlk_poly_decompress_du 2s 2s +0%
mlk_poly_frombytes_c 2s 2s +0%
mlk_poly_getnoise_eta1122_4x 2s 2s +0%
mlk_poly_getnoise_eta1_4x 2s 2s +0%
mlk_poly_getnoise_eta2 2s 2s +0%
mlk_poly_invntt_tomont_c 2s 2s +0%
mlk_poly_reduce 2s 3s -33%
mlk_poly_tobytes 2s 3s -33%
mlk_polyvec_compress_du 2s 1s +100%
mlk_polyvec_decompress_du 2s 3s -33%
mlk_polyvec_permute_bitrev_to_custom 2s 1s +100%
mlk_polyvec_reduce 2s 4s -50%
mlk_rej_uniform 2s 2s +0%
mlk_scalar_compress_d10 2s 1s +100%
mlk_scalar_compress_d5 2s 2s +0%
mlk_scalar_decompress_d11 2s 1s +100%
mlk_scalar_signed_to_unsigned_q 2s 2s +0%
mlk_sha3_512 2s 4s -50%
mlk_shake128_squeezeblocks 2s 2s +0%
mlk_shake128x4_squeezeblocks 2s 1s +100%
mlk_shake256 2s 2s +0%
mlk_value_barrier_i32 2s 4s -50%
poly_compress_d10_native_x86_64 2s 1s +100%
poly_compress_d5_native_x86_64 2s 2s +0%
poly_decompress_d5_native_x86_64 2s 1s +100%
poly_reduce_native_aarch64 2s 4s -50%
poly_tobytes_native_x86_64 2s 1s +100%
poly_tomont_native_aarch64 2s 3s -33%
polyvec_basemul_acc_montgomery_cached_k4_native_x86_64 2s 3s -33%
rej_uniform_native 2s 2s +0%
rej_uniform_native_aarch64 2s 3s -33%
keccak_f1600_x1_native_aarch64_v84a 1s 2s -50%
keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid 1s 3s -67%
keccak_f1600_x4_native_avx2 1s 2s -50%
keccakf1600x4_extract_bytes_native 1s 1s +0%
kem_enc 1s 3s -67%
kem_enc_derand 1s 2s -50%
kem_keypair_derand 1s 3s -67%
mlk_ct_cmask_nonzero_u8 1s 1s +0%
mlk_ct_cmov_zero 1s 3s -67%
mlk_ct_get_optblocker_i32 1s 2s -50%
mlk_ct_get_optblocker_u8 1s 3s -67%
mlk_keccakf1600_permute 1s 3s -67%
mlk_poly_cbd_eta2 1s 3s -67%
mlk_poly_compress_d10_native 1s 3s -67%
mlk_poly_compress_d11_c 1s 3s -67%
mlk_poly_compress_d5_native 1s 3s -67%
mlk_poly_decompress_d11_c 1s 2s -50%
mlk_poly_decompress_d4 1s 1s +0%
mlk_poly_sub 1s 2s -50%
mlk_poly_tobytes_native 1s 2s -50%
mlk_poly_tomont 1s 3s -67%
mlk_polyvec_basemul_acc_montgomery_cached 1s 2s -50%
mlk_polyvec_tobytes 1s 4s -75%
mlk_polyvec_tomont 1s 2s -50%
mlk_shake128_absorb_once 1s 5s -80%
ntt_native_x86_64 1s 2s -50%
poly_compress_d11_native_x86_64 1s 3s -67%
poly_getnoise_eta1122_4x_native 1s 2s -50%
poly_mulcache_compute_native_aarch64 1s 2s -50%
poly_reduce_native_x86_64 1s 2s -50%
poly_tomont_native_x86_64 1s 3s -67%
polyvec_basemul_acc_montgomery_cached_k2_native_x86_64 1s 1s +0%
polyvec_basemul_acc_montgomery_cached_k3_native_x86_64 1s 3s -67%

@oqs-bot
Copy link
Copy Markdown
Contributor

oqs-bot commented May 14, 2026
edited
Loading

CBMC Results (ML-KEM-1024)

Full Results (191 proofs)
Proof Status Current Previous Change
**TOTAL** 1160s 1188s -2.4%
mlk_indcpa_enc 139s 142s -2%
mlk_indcpa_keypair_derand 118s 128s -8%
mlk_rej_uniform_c 116s 116s +0%
mlk_polyvec_basemul_acc_montgomery_cached_c 73s 76s -4%
polyvec_basemul_acc_montgomery_cached_native 29s 34s -15%
mlk_poly_rej_uniform 28s 31s -10%
mlk_ntt_layer 26s 31s -16%
mlk_keccak_squeezeblocks_x4 24s 24s +0%
poly_ntt_native 24s 27s -11%
mlk_poly_reduce_native 20s 21s -5%
keccakf1600x4_permute_native_x4 18s 16s +12%
mlk_fqmul 17s 16s +6%
mlk_poly_decompress_d5_native 15s 14s +7%
mlk_poly_decompress_d11_native 14s 14s +0%
mlk_indcpa_dec 10s 9s +11%
mlk_polyvec_add 10s 12s -17%
mlk_keccak_squeeze_once 9s 7s +29%
mlk_poly_rej_uniform_x4 9s 6s +50%
mlk_ntt_butterfly_block 7s 9s -22%
mlk_poly_frombytes_native 7s 8s -12%
mlk_poly_frommsg 7s 8s -12%
rej_uniform_native_x86_64 7s 6s +17%
mlk_gen_matrix 6s 7s -14%
mlk_keccak_absorb_once_x4 6s 5s +20%
mlk_keccak_squeezeblocks 6s 8s -25%
mlk_matvec_mul 6s 4s +50%
mlk_polyvec_basemul_acc_montgomery_cached 6s 2s +200%
poly_frombytes_native_x86_64 6s 5s +20%
kem_dec 5s 4s +25%
kem_enc_derand 5s 4s +25%
mlk_poly_ntt 5s 7s -29%
mlk_polymat_permute_bitrev_to_custom 5s 5s +0%
mlk_scalar_decompress_d5 5s 2s +150%
poly_decompress_d11_native_x86_64 5s 6s -17%
mlk_barrett_reduce 4s 2s +100%
mlk_gen_matrix_serial 4s 4s +0%
mlk_keccak_absorb_once 4s 3s +33%
mlk_keccakf1600_permute_c 4s 6s -33%
mlk_poly_compress_d10 4s 1s +300%
mlk_poly_compress_d11_c 4s 6s -33%
mlk_poly_compress_d4 4s 2s +100%
mlk_poly_compress_d4_c 4s 1s +300%
mlk_poly_compress_d4_native 4s 2s +100%
mlk_poly_decompress_d11_c 4s 2s +100%
mlk_poly_decompress_du 4s 2s +100%
mlk_poly_getnoise_eta1_4x_native 4s 1s +300%
mlk_poly_tobytes_native 4s 2s +100%
mlk_polyvec_invntt_tomont 4s 1s +300%
mlk_polyvec_ntt 4s 3s +33%
mlk_shake256x4 4s 4s +0%
ntt_native_x86_64 4s 2s +100%
poly_decompress_d5_native_x86_64 4s 6s -33%
rej_uniform_native 4s 2s +100%
rej_uniform_native_aarch64 4s 1s +300%
intt_native_x86_64 3s 2s +50%
keccakf1600x4_extract_bytes_native 3s 2s +50%
kem_check_sk 3s 3s +0%
kem_keypair 3s 3s +0%
kem_keypair_derand 3s 3s +0%
mlk_ct_cmov_zero 3s 2s +50%
mlk_invntt_layer 3s 4s -25%
mlk_keccakf1600_extract_bytes (big endian) 3s 1s +200%
mlk_keccakf1600x4_xor_bytes_c 3s 2s +50%
mlk_keypair_getnoise_eta1 3s 4s -25%
mlk_poly_cbd_eta2 3s 1s +200%
mlk_poly_compress_d5 3s 1s +200%
mlk_poly_decompress_d10 3s 4s -25%
mlk_poly_mulcache_compute 3s 3s +0%
mlk_poly_ntt_c 3s 3s +0%
mlk_poly_reduce 3s 2s +50%
mlk_poly_reduce_c 3s 1s +200%
mlk_poly_tomont 3s 1s +200%
mlk_poly_tomont_native 3s 3s +0%
mlk_polyvec_permute_bitrev_to_custom_native 3s 3s +0%
mlk_scalar_compress_d1 3s 1s +200%
mlk_scalar_compress_d4 3s 2s +50%
mlk_scalar_decompress_d10 3s 4s -25%
mlk_sha3_256 3s 2s +50%
mlk_shake128_squeezeblocks 3s 1s +200%
mlk_shake128x4_absorb_once 3s 3s +0%
mlk_value_barrier_i32 3s 1s +200%
poly_compress_d10_native_x86_64 3s 5s -40%
poly_compress_d11_native_x86_64 3s 3s +0%
poly_compress_d4_native_x86_64 3s 2s +50%
poly_decompress_d10_native_x86_64 3s 1s +200%
poly_mulcache_compute_native_x86_64 3s 3s +0%
poly_tomont_native_aarch64 3s 3s +0%
poly_tomont_native_x86_64 3s 4s -25%
polyvec_basemul_acc_montgomery_cached_k2_native_aarch64 3s 3s +0%
polyvec_basemul_acc_montgomery_cached_k2_native_x86_64 3s 3s +0%
polyvec_basemul_acc_montgomery_cached_k3_native_x86_64 3s 3s +0%
intt_native_aarch64 2s 2s +0%
keccak_f1600_x1_native_aarch64 2s 1s +100%
keccak_f1600_x1_native_aarch64_v84a 2s 2s +0%
keccak_f1600_x4_native_aarch64_v84a 2s 1s +100%
keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid 2s 4s -50%
keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid 2s 3s -33%
keccakf1600_permute_native 2s 3s -33%
kem_check_pk 2s 5s -60%
kem_enc 2s 1s +100%
mlk_ct_cmask_neg_i16 2s 2s +0%
mlk_ct_cmask_nonzero_u16 2s 2s +0%
mlk_ct_get_optblocker_u32 2s 1s +100%
mlk_ct_memcmp 2s 2s +0%
mlk_ct_sel_int16 2s 3s -33%
mlk_ct_sel_uint8 2s 3s -33%
mlk_enc_getnoise_eta1_eta2 2s 2s +0%
mlk_keccakf1600_permute 2s 1s +100%
mlk_keccakf1600x4_extract_bytes_c 2s 2s +0%
mlk_keccakf1600x4_permute 2s 1s +100%
mlk_keccakf1600x4_xor_bytes 2s 5s -60%
mlk_poly_add 2s 4s -50%
mlk_poly_cbd_eta1 2s 4s -50%
mlk_poly_compress_d10_c 2s 3s -33%
mlk_poly_compress_d10_native 2s 2s +0%
mlk_poly_compress_d11 2s 1s +100%
mlk_poly_compress_d11_native 2s 2s +0%
mlk_poly_compress_d5_c 2s 2s +0%
mlk_poly_compress_d5_native 2s 2s +0%
mlk_poly_compress_du 2s 3s -33%
mlk_poly_compress_dv 2s 2s +0%
mlk_poly_decompress_d10_c 2s 3s -33%
mlk_poly_decompress_d11 2s 3s -33%
mlk_poly_decompress_d4 2s 3s -33%
mlk_poly_decompress_d4_c 2s 2s +0%
mlk_poly_decompress_d4_native 2s 2s +0%
mlk_poly_decompress_d5 2s 2s +0%
mlk_poly_decompress_d5_c 2s 2s +0%
mlk_poly_frombytes 2s 2s +0%
mlk_poly_frombytes_c 2s 3s -33%
mlk_poly_getnoise_eta1_4x 2s 1s +100%
mlk_poly_getnoise_eta2 2s 2s +0%
mlk_poly_invntt_tomont 2s 2s +0%
mlk_poly_invntt_tomont_c 2s 3s -33%
mlk_poly_mulcache_compute_c 2s 2s +0%
mlk_poly_mulcache_compute_native 2s 2s +0%
mlk_poly_sub 2s 1s +100%
mlk_poly_tobytes 2s 4s -50%
mlk_poly_tobytes_c 2s 2s +0%
mlk_poly_tomsg 2s 1s +100%
mlk_polyvec_compress_du 2s 1s +100%
mlk_polyvec_frombytes 2s 3s -33%
mlk_polyvec_mulcache_compute 2s 3s -33%
mlk_polyvec_tomont 2s 3s -33%
mlk_rej_uniform 2s 1s +100%
mlk_scalar_compress_d10 2s 2s +0%
mlk_scalar_compress_d11 2s 4s -50%
mlk_scalar_compress_d5 2s 1s +100%
mlk_scalar_decompress_d11 2s 2s +0%
mlk_scalar_decompress_d4 2s 1s +100%
mlk_sha3_512 2s 2s +0%
mlk_shake128x4_squeezeblocks 2s 1s +100%
mlk_shake256 2s 3s -33%
mlk_value_barrier_u32 2s 3s -33%
mlk_value_barrier_u8 2s 3s -33%
ntt_native_aarch64 2s 3s -33%
nttunpack_native_x86_64 2s 3s -33%
poly_compress_d5_native_x86_64 2s 5s -60%
poly_decompress_d4_native_x86_64 2s 1s +100%
poly_getnoise_eta1122_4x_native 2s 3s -33%
poly_mulcache_compute_native_aarch64 2s 2s +0%
poly_reduce_native_aarch64 2s 2s +0%
poly_reduce_native_x86_64 2s 3s -33%
poly_tobytes_native_x86_64 2s 3s -33%
polyvec_basemul_acc_montgomery_cached_k4_native_aarch64 2s 1s +100%
polyvec_basemul_acc_montgomery_cached_k4_native_x86_64 2s 2s +0%
sys_check_capability 2s 2s +0%
keccak_f1600_x4_native_avx2 1s 3s -67%
keccakf1600x4_xor_bytes_native 1s 2s -50%
mlk_check_pct 1s 2s -50%
mlk_ct_cmask_nonzero_u8 1s 1s +0%
mlk_ct_get_optblocker_i32 1s 3s -67%
mlk_ct_get_optblocker_u8 1s 3s -67%
mlk_keccakf1600_extract_bytes 1s 1s +0%
mlk_keccakf1600_xor_bytes 1s 3s -67%
mlk_keccakf1600_xor_bytes (big endian) 1s 4s -75%
mlk_keccakf1600x4_extract_bytes 1s 2s -50%
mlk_montgomery_reduce 1s 3s -67%
mlk_poly_decompress_d10_native 1s 2s -50%
mlk_poly_decompress_dv 1s 2s -50%
mlk_poly_getnoise_eta1122_4x 1s 3s -67%
mlk_poly_tomont_c 1s 3s -67%
mlk_polyvec_decompress_du 1s 2s -50%
mlk_polyvec_permute_bitrev_to_custom 1s 3s -67%
mlk_polyvec_reduce 1s 1s +0%
mlk_polyvec_tobytes 1s 2s -50%
mlk_scalar_signed_to_unsigned_q 1s 2s -50%
mlk_shake128_absorb_once 1s 1s +0%
poly_invntt_tomont_native 1s 2s -50%
poly_tobytes_native_aarch64 1s 1s +0%
polyvec_basemul_acc_montgomery_cached_k3_native_aarch64 1s 2s -50%

@oqs-bot
Copy link
Copy Markdown
Contributor

oqs-bot commented May 14, 2026
edited
Loading

CBMC Results (ML-KEM-512)

Full Results (191 proofs)
Proof Status Current Previous Change
**TOTAL** 1330s 1262s +5.4%
mlk_indcpa_keypair_derand 243s 240s +1%
mlk_indcpa_enc 170s 162s +5%
mlk_rej_uniform_c 128s 110s +16%
mlk_polyvec_basemul_acc_montgomery_cached_c 52s 51s +2%
mlk_poly_rej_uniform 32s 32s +0%
mlk_keccak_squeezeblocks_x4 26s 24s +8%
mlk_ntt_layer 26s 27s -4%
mlk_poly_reduce_native 24s 20s +20%
poly_ntt_native 23s 24s -4%
keccakf1600x4_permute_native_x4 17s 16s +6%
mlk_fqmul 17s 14s +21%
mlk_indcpa_dec 15s 13s +15%
mlk_polyvec_add 15s 11s +36%
mlk_poly_decompress_d4_native 14s 14s +0%
mlk_poly_decompress_d10_native 13s 14s -7%
mlk_poly_frommsg 12s 11s +9%
mlk_keccak_squeezeblocks 8s 10s -20%
mlk_ntt_butterfly_block 8s 9s -11%
mlk_poly_frombytes_native 8s 7s +14%
mlk_poly_ntt 8s 5s +60%
polyvec_basemul_acc_montgomery_cached_native 8s 6s +33%
mlk_keccak_absorb_once_x4 7s 6s +17%
mlk_poly_rej_uniform_x4 7s 8s -12%
poly_decompress_d4_native_x86_64 7s 5s +40%
mlk_keccak_squeeze_once 6s 8s -25%
poly_decompress_d10_native_x86_64 6s 4s +50%
rej_uniform_native_x86_64 6s 4s +50%
mlk_invntt_layer 5s 5s +0%
mlk_poly_cbd_eta2 5s 5s +0%
mlk_poly_decompress_d4 5s 3s +67%
mlk_poly_getnoise_eta1_4x_native 5s 1s +400%
mlk_polyvec_permute_bitrev_to_custom_native 5s 2s +150%
poly_frombytes_native_x86_64 5s 5s +0%
intt_native_aarch64 4s 3s +33%
keccakf1600x4_extract_bytes_native 4s 2s +100%
kem_dec 4s 3s +33%
mlk_keccakf1600_permute_c 4s 5s -20%
mlk_keccakf1600_xor_bytes 4s 4s +0%
mlk_keccakf1600x4_extract_bytes 4s 2s +100%
mlk_keccakf1600x4_extract_bytes_c 4s 3s +33%
mlk_keypair_getnoise_eta1 4s 2s +100%
mlk_poly_cbd_eta1 4s 3s +33%
mlk_poly_compress_d4_native 4s 5s -20%
mlk_poly_decompress_d10_c 4s 3s +33%
mlk_poly_decompress_du 4s 3s +33%
mlk_poly_decompress_dv 4s 3s +33%
mlk_poly_mulcache_compute_c 4s 3s +33%
mlk_poly_tobytes_c 4s 4s +0%
mlk_polyvec_compress_du 4s 2s +100%
mlk_sha3_256 4s 1s +300%
poly_getnoise_eta1122_4x_native 4s 4s +0%
poly_reduce_native_x86_64 4s 1s +300%
poly_tomont_native_aarch64 4s 2s +100%
rej_uniform_native_aarch64 4s 4s +0%
intt_native_x86_64 3s 4s -25%
keccak_f1600_x1_native_aarch64 3s 3s +0%
keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid 3s 2s +50%
kem_check_pk 3s 3s +0%
kem_check_sk 3s 2s +50%
kem_keypair 3s 2s +50%
mlk_barrett_reduce 3s 2s +50%
mlk_ct_cmask_nonzero_u16 3s 3s +0%
mlk_enc_getnoise_eta1_eta2 3s 3s +0%
mlk_keccakf1600_permute 3s 1s +200%
mlk_keccakf1600x4_xor_bytes_c 3s 2s +50%
mlk_matvec_mul 3s 2s +50%
mlk_poly_add 3s 3s +0%
mlk_poly_compress_d10 3s 4s -25%
mlk_poly_compress_d10_c 3s 5s -40%
mlk_poly_compress_d11_c 3s 2s +50%
mlk_poly_compress_d4_c 3s 1s +200%
mlk_poly_compress_d5 3s 2s +50%
mlk_poly_compress_du 3s 1s +200%
mlk_poly_compress_dv 3s 2s +50%
mlk_poly_decompress_d11_c 3s 2s +50%
mlk_poly_decompress_d5 3s 3s +0%
mlk_poly_getnoise_eta2 3s 3s +0%
mlk_poly_invntt_tomont_c 3s 4s -25%
mlk_poly_ntt_c 3s 2s +50%
mlk_poly_sub 3s 2s +50%
mlk_poly_tobytes 3s 2s +50%
mlk_poly_tomont_native 3s 3s +0%
mlk_poly_tomsg 3s 3s +0%
mlk_polymat_permute_bitrev_to_custom 3s 2s +50%
mlk_polyvec_decompress_du 3s 1s +200%
mlk_polyvec_frombytes 3s 2s +50%
mlk_polyvec_reduce 3s 2s +50%
mlk_rej_uniform 3s 2s +50%
mlk_scalar_compress_d10 3s 2s +50%
mlk_scalar_compress_d11 3s 2s +50%
mlk_scalar_decompress_d10 3s 1s +200%
mlk_scalar_decompress_d4 3s 4s -25%
mlk_scalar_signed_to_unsigned_q 3s 2s +50%
mlk_shake128_squeezeblocks 3s 1s +200%
mlk_shake256 3s 2s +50%
mlk_value_barrier_i32 3s 4s -25%
nttunpack_native_x86_64 3s 2s +50%
poly_compress_d5_native_x86_64 3s 4s -25%
poly_decompress_d5_native_x86_64 3s 1s +200%
poly_mulcache_compute_native_x86_64 3s 3s +0%
poly_reduce_native_aarch64 3s 3s +0%
poly_tobytes_native_x86_64 3s 4s -25%
poly_tomont_native_x86_64 3s 4s -25%
polyvec_basemul_acc_montgomery_cached_k2_native_aarch64 3s 3s +0%
polyvec_basemul_acc_montgomery_cached_k3_native_aarch64 3s 1s +200%
polyvec_basemul_acc_montgomery_cached_k3_native_x86_64 3s 3s +0%
polyvec_basemul_acc_montgomery_cached_k4_native_x86_64 3s 1s +200%
rej_uniform_native 3s 1s +200%
keccak_f1600_x1_native_aarch64_v84a 2s 2s +0%
keccak_f1600_x4_native_aarch64_v84a 2s 3s -33%
keccakf1600x4_xor_bytes_native 2s 2s +0%
kem_enc_derand 2s 4s -50%
kem_keypair_derand 2s 1s +100%
mlk_check_pct 2s 1s +100%
mlk_ct_cmask_neg_i16 2s 2s +0%
mlk_ct_cmov_zero 2s 4s -50%
mlk_ct_get_optblocker_i32 2s 2s +0%
mlk_ct_get_optblocker_u32 2s 2s +0%
mlk_ct_get_optblocker_u8 2s 2s +0%
mlk_ct_memcmp 2s 2s +0%
mlk_ct_sel_int16 2s 1s +100%
mlk_ct_sel_uint8 2s 1s +100%
mlk_gen_matrix 2s 5s -60%
mlk_keccak_absorb_once 2s 5s -60%
mlk_keccakf1600_extract_bytes (big endian) 2s 3s -33%
mlk_keccakf1600_xor_bytes (big endian) 2s 1s +100%
mlk_keccakf1600x4_permute 2s 2s +0%
mlk_keccakf1600x4_xor_bytes 2s 2s +0%
mlk_montgomery_reduce 2s 3s -33%
mlk_poly_compress_d10_native 2s 3s -33%
mlk_poly_compress_d11 2s 2s +0%
mlk_poly_compress_d4 2s 4s -50%
mlk_poly_compress_d5_c 2s 2s +0%
mlk_poly_compress_d5_native 2s 1s +100%
mlk_poly_decompress_d10 2s 2s +0%
mlk_poly_decompress_d11 2s 3s -33%
mlk_poly_decompress_d11_native 2s 2s +0%
mlk_poly_decompress_d4_c 2s 4s -50%
mlk_poly_decompress_d5_c 2s 2s +0%
mlk_poly_decompress_d5_native 2s 1s +100%
mlk_poly_frombytes 2s 2s +0%
mlk_poly_frombytes_c 2s 1s +100%
mlk_poly_getnoise_eta1122_4x 2s 1s +100%
mlk_poly_getnoise_eta1_4x 2s 2s +0%
mlk_poly_invntt_tomont 2s 2s +0%
mlk_poly_mulcache_compute 2s 2s +0%
mlk_poly_mulcache_compute_native 2s 2s +0%
mlk_poly_reduce 2s 2s +0%
mlk_poly_reduce_c 2s 2s +0%
mlk_poly_tobytes_native 2s 1s +100%
mlk_poly_tomont 2s 2s +0%
mlk_poly_tomont_c 2s 1s +100%
mlk_polyvec_basemul_acc_montgomery_cached 2s 5s -60%
mlk_polyvec_invntt_tomont 2s 2s +0%
mlk_polyvec_mulcache_compute 2s 4s -50%
mlk_polyvec_ntt 2s 5s -60%
mlk_polyvec_permute_bitrev_to_custom 2s 3s -33%
mlk_polyvec_tobytes 2s 2s +0%
mlk_scalar_compress_d1 2s 3s -33%
mlk_scalar_compress_d5 2s 2s +0%
mlk_scalar_decompress_d5 2s 2s +0%
mlk_sha3_512 2s 3s -33%
mlk_shake128_absorb_once 2s 3s -33%
mlk_shake128x4_squeezeblocks 2s 1s +100%
mlk_shake256x4 2s 3s -33%
mlk_value_barrier_u32 2s 2s +0%
ntt_native_aarch64 2s 2s +0%
poly_compress_d4_native_x86_64 2s 2s +0%
poly_decompress_d11_native_x86_64 2s 3s -33%
poly_mulcache_compute_native_aarch64 2s 2s +0%
polyvec_basemul_acc_montgomery_cached_k2_native_x86_64 2s 2s +0%
polyvec_basemul_acc_montgomery_cached_k4_native_aarch64 2s 2s +0%
sys_check_capability 2s 2s +0%
keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid 1s 3s -67%
keccak_f1600_x4_native_avx2 1s 2s -50%
keccakf1600_permute_native 1s 2s -50%
kem_enc 1s 2s -50%
mlk_ct_cmask_nonzero_u8 1s 1s +0%
mlk_gen_matrix_serial 1s 1s +0%
mlk_keccakf1600_extract_bytes 1s 2s -50%
mlk_poly_compress_d11_native 1s 2s -50%
mlk_polyvec_tomont 1s 1s +0%
mlk_scalar_compress_d4 1s 1s +0%
mlk_scalar_decompress_d11 1s 3s -67%
mlk_shake128x4_absorb_once 1s 2s -50%
mlk_value_barrier_u8 1s 4s -75%
ntt_native_x86_64 1s 4s -75%
poly_compress_d10_native_x86_64 1s 6s -83%
poly_compress_d11_native_x86_64 1s 2s -50%
poly_invntt_tomont_native 1s 2s -50%
poly_tobytes_native_aarch64 1s 3s -67%

@hanno-becker hanno-becker marked this pull request as ready for review May 15, 2026 13:46
@hanno-becker hanno-becker requested a review from a team as a code owner May 15, 2026 13:46
mkannwischer
mkannwischer requested changes May 17, 2026
View reviewed changes
Comment thread .github/workflows/integration-opentitan.yml Outdated
Comment on lines +78 to +87
# Inject the backends.h header into the BUILD file's hdrs list.
# Upstream expo's BUILD.mlkem_native.bazel enumerates every header
# explicitly, and mlkem-native split the backend includes out of
# common.h into a new backends.h shim that the expo pin doesn't
# know about. Drop this patch once expo lists backends.h itself.
BUILD=third_party/mlkem_native/BUILD.mlkem_native.bazel
if ! grep -q '"mlkem/src/backends.h"' "$BUILD"; then
sed -i 's|"mlkem/src/common.h",|"mlkem/src/common.h",\n "mlkem/src/backends.h",|' "$BUILD"
fi

Copy link
Copy Markdown
Contributor

@mkannwischer mkannwischer May 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mind doing this as a patch? That will make it easier to actually update alter.

Copy link
Copy Markdown
Contributor Author

@hanno-becker hanno-becker May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will do

Copy link
Copy Markdown
Contributor Author

@hanno-becker hanno-becker May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Comment thread integration/aws-lc/pre_import.patch
Comment on lines +8 to +14
+ # Drop the backends.h include. In mlkem-native it surfaces the
+ # MLK_ARITH_BACKEND_* gate macro to the asm sources, but unifdef above
+ # has already statically resolved that gate, so the include has nothing
+ # left to provide here. Leaving it in would also break the build, since
+ # the relative path (../../../backends.h) does not resolve in the
+ # AWS-LC vendored layout.
+ sed "${SED_I[@]}" '/^#include "\.\.\/\.\.\/\.\.\/backends\.h"$/d' "$file"
Copy link
Copy Markdown
Contributor

@mkannwischer mkannwischer May 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be cleaner for AWS-LC to gate the include via the MLK_CONFIG_USE_NATIVE_BACKEND_ARITH macro? Probably I am missing soemthing here.

Copy link
Copy Markdown
Contributor Author

@hanno-becker hanno-becker May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The importer patches the common.h include to an s2n-bignum include and manually removes the backend guards so the code is unconditionally included. We hence don't need backends.h anymore here.

Copy link
Copy Markdown
Contributor Author

@hanno-becker hanno-becker May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An alternative would be to import just backends.h (because that also includes common.h) in the ASM files, and then just patch that. That's a smaller change but deviates from the convention that all files should first include common.h.

@hanno-becker
common: Move backend includes into new backends.h shim
dcab334 
common.h previously pulled in MLK_CONFIG_ARITH_BACKEND_FILE and
MLK_CONFIG_FIPS202_BACKEND_FILE for every translation unit, which
caused gcc-4.8 / -O0 link failures when a TU was compiled in
isolation without the backend (issue #1182).

Introduce mlkem/src/backends.h as the single shim that materialises
backend metadata and the MLK_CHECK_APIS sanity includes. Consumer C
files (compress.c, indcpa.c, poly.c, poly_k.c, sampling.c,
fips202/keccakf1600.c) and backend-internal asm/C sources include
backends.h instead of either the old common.h block or a direct
../meta.h / ../auto.h reference.

Update the AWS-LC importer patch to strip the backends.h include
from asm sources post-import: unifdef has already statically
resolved the MLK_ARITH_BACKEND_* gate the include was meant to
surface, and the relative path does not resolve in the AWS-LC
vendored layout.

Signed-off-by: Hanno Becker <beckphan@amazon.co.uk>
@hanno-becker
Copy link
Copy Markdown
Contributor Author

hanno-becker commented May 18, 2026

Perhaps we can wait merging this until it is confirmed that the ABI checker is unblocked by it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkannwischer mkannwischer mkannwischer requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove backend header import from common.h

3 participants

@hanno-becker @oqs-bot @mkannwischer