libgocryptfs/internal/stupidgcm/prefer.go

package stupidgcm

import (
	"runtime"

	"golang.org/x/sys/cpu"
)

// PreferOpenSSLAES256GCM tells us if OpenSSL AES-256-GCM is faster than Go stdlib
// on this machine.
//
// Go GCM is only faster if the CPU either:
//
// 1) Is X86_64 && has AES instructions && Go is v1.6  or higher
// 2) Is ARM64  && has AES instructions && Go is v1.11 or higher
//    (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
//
// See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks
// for benchmarks.
func PreferOpenSSLAES256GCM() bool {
	if BuiltWithoutOpenssl {
		return false
	}
	// If the CPU has AES acceleration, Go stdlib is faster
	if CpuHasAES() {
		return false
	}
	// Otherwise OpenSSL is probably faster
	return true
}

// PreferOpenSSLXchacha20poly1305 returns true if OpenSSL Xchacha20poly1305 is
// faster than Go stdlib on this machine.
func PreferOpenSSLXchacha20poly1305() bool {
	if BuiltWithoutOpenssl {
		return false
	}
	// Go x/crypto has optimized assembly for amd64:
	// https://github.com/golang/crypto/blob/master/chacha20poly1305/chacha20poly1305_amd64.s
	if runtime.GOARCH == "amd64" {
		return false
	}
	// On arm64 and arm, OpenSSL is faster. Probably everwhere else too.
	return true
}

// CpuHasAES tells you if the CPU we are running has AES acceleration that is
// usable by the Go crypto library.
func CpuHasAES() bool {
	// Safe to call on other architectures - will just read false.
	if cpu.X86.HasAES || cpu.ARM64.HasAES {
		return true
	}
	// On the Apple M1, the CPU has AES acceleration, despite cpu.ARM64.HasAES
	// reading false: https://github.com/rfjakob/gocryptfs/issues/556#issuecomment-848079309
	if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" {
		return true
	}
	return false
}