stupidgcm: batch C calls in chacha20poly1305_seal
Go has a high overhead for each C call, so batch all openssl operations in the new C function chacha20poly1305_seal. Benchmark results: internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > old.txt internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > new.txt internal/speed$ benchstat old.txt new.txt name old time/op new time/op delta StupidXchacha-4 8.79µs ± 1% 7.25µs ± 1% -17.54% (p=0.000 n=10+10) name old speed new speed delta StupidXchacha-4 466MB/s ± 1% 565MB/s ± 1% +21.27% (p=0.000 n=10+10)master
Jakob Unterwurzacher
parent
9e1dd73e55
commit
a3f5a8492a
|
|
@ -0,0 +1 @@
|
|||
*.o
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
.PHONY: gcc
|
||||
gcc:
|
||||
gcc -Wall -Wextra -Wformat-security -Wconversion -lcrypto -c *.c
|
||||
|
||||
.PHONY: format
|
||||
format:
|
||||
clang-format --style=WebKit -i *.c
|
||||
|
|
@ -0,0 +1,98 @@
|
|||
#include <openssl/evp.h>
|
||||
#include <stdio.h>
|
||||
//#cgo pkg-config: libcrypto
|
||||
|
||||
extern void panic1(void);
|
||||
|
||||
static void panic(const char* const msg)
|
||||
{
|
||||
fprintf(stderr, "panic in C code: %s\n", msg);
|
||||
__builtin_trap();
|
||||
}
|
||||
|
||||
// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode
|
||||
int chacha20poly1305_seal(
|
||||
const unsigned char* const plaintext,
|
||||
const int plaintextLen,
|
||||
const unsigned char* const authData,
|
||||
const int authDataLen,
|
||||
const unsigned char* const key,
|
||||
const int keyLen,
|
||||
const unsigned char* const iv,
|
||||
const int ivLen,
|
||||
unsigned char* const ciphertext,
|
||||
const int ciphertextBufLen)
|
||||
{
|
||||
// Create scratch space "context"
|
||||
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
|
||||
if (!ctx) {
|
||||
panic("EVP_CIPHER_CTX_new failed");
|
||||
}
|
||||
|
||||
// Set cipher
|
||||
if (EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL) != 1) {
|
||||
panic("EVP_EncryptInit_ex set cipher failed");
|
||||
}
|
||||
|
||||
// Check keyLen by trying to set it (fails if keyLen != 32)
|
||||
if (EVP_CIPHER_CTX_set_key_length(ctx, keyLen) != 1) {
|
||||
panic("keyLen mismatch");
|
||||
}
|
||||
|
||||
// Set IV length so we do not depend on the default
|
||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivLen, NULL) != 1) {
|
||||
panic("EVP_CTRL_AEAD_SET_IVLEN failed");
|
||||
}
|
||||
|
||||
// Set key and IV
|
||||
if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) != 1) {
|
||||
panic("EVP_EncryptInit_ex set key & iv failed");
|
||||
}
|
||||
|
||||
// Provide authentication data
|
||||
int outLen = 0;
|
||||
if (EVP_EncryptUpdate(ctx, NULL, &outLen, authData, authDataLen) != 1) {
|
||||
panic("EVP_EncryptUpdate authData failed");
|
||||
}
|
||||
if (outLen != authDataLen) {
|
||||
panic("EVP_EncryptUpdate authData: unexpected length");
|
||||
}
|
||||
|
||||
// Encrypt "plaintext" into "ciphertext"
|
||||
if (plaintextLen > ciphertextBufLen) {
|
||||
panic("plaintext overflows output buffer");
|
||||
}
|
||||
if (EVP_EncryptUpdate(ctx, ciphertext, &outLen, plaintext, plaintextLen) != 1) {
|
||||
panic("EVP_EncryptUpdate ciphertext failed");
|
||||
}
|
||||
if (outLen != plaintextLen) {
|
||||
panic("EVP_EncryptUpdate ciphertext: unexpected length");
|
||||
}
|
||||
int ciphertextLen = outLen;
|
||||
|
||||
// Finalise encryption
|
||||
// Normally ciphertext bytes may be written at this stage, but this does not occur in GCM mode
|
||||
if (EVP_EncryptFinal_ex(ctx, ciphertext + plaintextLen, &outLen) != 1) {
|
||||
panic("EVP_EncryptFinal_ex failed");
|
||||
}
|
||||
if (outLen != 0) {
|
||||
panic("EVP_EncryptFinal_ex: unexpected length");
|
||||
}
|
||||
|
||||
// We only support 16-byte tags
|
||||
const int tagLen = 16;
|
||||
|
||||
// Get MAC tag and append it to the ciphertext
|
||||
if (ciphertextLen + tagLen > ciphertextBufLen) {
|
||||
panic("tag overflows output buffer");
|
||||
}
|
||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tagLen, ciphertext + plaintextLen) != 1) {
|
||||
panic("EVP_CTRL_AEAD_GET_TAG failed");
|
||||
}
|
||||
ciphertextLen += tagLen;
|
||||
|
||||
// Free scratch space
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
|
||||
return ciphertextLen;
|
||||
}
|
||||
|
|
@ -2,10 +2,6 @@
|
|||
|
||||
package stupidgcm
|
||||
|
||||
// #include <openssl/evp.h>
|
||||
// #cgo pkg-config: libcrypto
|
||||
import "C"
|
||||
|
||||
import (
|
||||
"crypto/cipher"
|
||||
"fmt"
|
||||
|
|
@ -15,6 +11,17 @@ import (
|
|||
"golang.org/x/crypto/chacha20poly1305"
|
||||
)
|
||||
|
||||
/*
|
||||
#include <openssl/evp.h>
|
||||
#cgo pkg-config: libcrypto
|
||||
int chacha20poly1305_seal(const unsigned char * const plaintext, const int plaintextLen,
|
||||
const unsigned char * const authData, const int authDataLen,
|
||||
const unsigned char * const key, const int keyLen,
|
||||
const unsigned char * const iv, const int ivLen,
|
||||
unsigned char * const ciphertext, const int ciphertextBufLen);
|
||||
*/
|
||||
import "C"
|
||||
|
||||
type stupidChacha20poly1305 struct {
|
||||
key [chacha20poly1305.KeySize]byte
|
||||
wiped bool
|
||||
|
|
@ -68,58 +75,16 @@ func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {
|
|||
buf = make([]byte, outLen)
|
||||
}
|
||||
|
||||
// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode
|
||||
|
||||
// Create scratch space "context"
|
||||
ctx := C.EVP_CIPHER_CTX_new()
|
||||
if ctx == nil {
|
||||
log.Panic("EVP_CIPHER_CTX_new failed")
|
||||
}
|
||||
|
||||
// Set cipher
|
||||
if C.EVP_EncryptInit_ex(ctx, C.EVP_chacha20_poly1305(), nil, nil, nil) != 1 {
|
||||
log.Panic("EVP_EncryptInit_ex I failed")
|
||||
}
|
||||
|
||||
// Set key and IV
|
||||
if C.EVP_EncryptInit_ex(ctx, nil, nil, (*C.uchar)(&g.key[0]), (*C.uchar)(&iv[0])) != 1 {
|
||||
log.Panic("EVP_EncryptInit_ex II failed")
|
||||
}
|
||||
|
||||
// Provide authentication data
|
||||
var resultLen C.int
|
||||
if C.EVP_EncryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 {
|
||||
log.Panic("EVP_EncryptUpdate authData failed")
|
||||
}
|
||||
if int(resultLen) != len(authData) {
|
||||
log.Panicf("Unexpected length %d", resultLen)
|
||||
}
|
||||
|
||||
// Encrypt "in" into "buf"
|
||||
if C.EVP_EncryptUpdate(ctx, (*C.uchar)(&buf[0]), &resultLen, (*C.uchar)(&in[0]), C.int(len(in))) != 1 {
|
||||
log.Panic("EVP_EncryptUpdate failed")
|
||||
}
|
||||
if int(resultLen) != len(in) {
|
||||
log.Panicf("Unexpected length %d", resultLen)
|
||||
}
|
||||
|
||||
// Finalise encryption
|
||||
// Because GCM is a stream encryption, this will not write out any data.
|
||||
dummy := make([]byte, 16)
|
||||
if C.EVP_EncryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen) != 1 {
|
||||
log.Panic("EVP_EncryptFinal_ex failed")
|
||||
}
|
||||
if resultLen != 0 {
|
||||
log.Panicf("Unexpected length %d", resultLen)
|
||||
}
|
||||
|
||||
// Get MAC tag and append it to the ciphertext in "buf"
|
||||
if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_AEAD_GET_TAG, tagLen, (unsafe.Pointer)(&buf[len(in)])) != 1 {
|
||||
log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_AEAD_GET_TAG failed")
|
||||
}
|
||||
|
||||
// Free scratch space
|
||||
C.EVP_CIPHER_CTX_free(ctx)
|
||||
C.chacha20poly1305_seal((*C.uchar)(&in[0]),
|
||||
C.int(len(in)),
|
||||
(*C.uchar)(&authData[0]),
|
||||
C.int(len(authData)),
|
||||
(*C.uchar)(&g.key[0]),
|
||||
C.int(len(g.key)),
|
||||
(*C.uchar)(&iv[0]),
|
||||
C.int(len(iv)),
|
||||
(*C.uchar)(&buf[0]),
|
||||
C.int(len(buf)))
|
||||
|
||||
if inplace {
|
||||
return dst[:len(dst)+outLen]
|
||||
|
|
|
|||
Loading…
Reference in New Issue