libgocryptfs/internal/stupidgcm/prefer.go

61 lines
1.7 KiB
Go
Raw Normal View History

package stupidgcm
import (
"runtime"
"golang.org/x/sys/cpu"
)
// PreferOpenSSLAES256GCM tells us if OpenSSL AES-256-GCM is faster than Go stdlib
// on this machine.
//
// Go GCM is only faster if the CPU either:
//
// 1) Is X86_64 && has AES instructions && Go is v1.6 or higher
// 2) Is ARM64 && has AES instructions && Go is v1.11 or higher
// (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
//
// See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks
// for benchmarks.
func PreferOpenSSLAES256GCM() bool {
if BuiltWithoutOpenssl {
return false
}
// If the CPU has AES acceleration, Go stdlib is faster
if CpuHasAES() {
return false
}
// Otherwise OpenSSL is probably faster
return true
}
// PreferOpenSSLXchacha20poly1305 returns true if OpenSSL Xchacha20poly1305 is
// faster than Go stdlib on this machine.
func PreferOpenSSLXchacha20poly1305() bool {
if BuiltWithoutOpenssl {
return false
}
// Go x/crypto has optimized assembly for amd64:
// https://github.com/golang/crypto/blob/master/chacha20poly1305/chacha20poly1305_amd64.s
if runtime.GOARCH == "amd64" {
return false
}
// On arm64 and arm, OpenSSL is faster. Probably everwhere else too.
return true
}
// CpuHasAES tells you if the CPU we are running has AES acceleration that is
// usable by the Go crypto library.
func CpuHasAES() bool {
// Safe to call on other architectures - will just read false.
if cpu.X86.HasAES || cpu.ARM64.HasAES {
return true
}
// On the Apple M1, the CPU has AES acceleration, despite cpu.ARM64.HasAES
// reading false: https://github.com/rfjakob/gocryptfs/issues/556#issuecomment-848079309
if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" {
return true
}
return false
}