-speed: add XChaCha20-Poly1305-OpenSSL

$ ./gocryptfs -speed
gocryptfs v2.1-56-gdb1466f-dirty.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-02 go1.17 linux/amd64
AES-GCM-256-OpenSSL       	 529.53 MB/s
AES-GCM-256-Go            	 833.85 MB/s	(selected in auto mode)
AES-SIV-512-Go            	 155.27 MB/s
XChaCha20-Poly1305-Go     	 715.33 MB/s	(use via -xchacha flag)
XChaCha20-Poly1305-OpenSSL	 468.94 MB/s

https://github.com/rfjakob/gocryptfs/issues/452

3 files changed, 35 insertions, 4 deletions

diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 8fb7936..1b692ff 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -48,6 +48,9 @@ var BackendAESSIV AEADTypeEnum = AEADTypeEnum{"AES-SIV-512-Go", siv_aead.NonceSi
 // "XChaCha20-Poly1305-Go" in gocryptfs -speed.
 var BackendXChaCha20Poly1305 AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305-Go", chacha20poly1305.NonceSizeX}
 
+// BackendXChaCha20Poly1305OpenSSL specifies XChaCha20-Poly1305-OpenSSL.
+var BackendXChaCha20Poly1305OpenSSL AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305-OpenSSL", chacha20poly1305.NonceSizeX}
+
 // CryptoCore is the low level crypto implementation.
 type CryptoCore struct {
 	// EME is used for filename encryption.
diff --git a/internal/speed/speed.go b/internal/speed/speed.go
index 46e138d..d53e402 100644
--- a/internal/speed/speed.go
+++ b/internal/speed/speed.go
@@ -35,10 +35,11 @@ func Run() {
 		{name: cryptocore.BackendOpenSSL.Name, f: bStupidGCM, preferred: stupidgcm.PreferOpenSSL()},
 		{name: cryptocore.BackendGoGCM.Name, f: bGoGCM, preferred: !stupidgcm.PreferOpenSSL()},
 		{name: cryptocore.BackendAESSIV.Name, f: bAESSIV, preferred: false},
-		{name: cryptocore.BackendXChaCha20Poly1305.Name, f: bChacha20poly1305, preferred: false},
+		{name: cryptocore.BackendXChaCha20Poly1305.Name, f: bXchacha20poly1305, preferred: false},
+		{name: cryptocore.BackendXChaCha20Poly1305OpenSSL.Name, f: bStupidXchacha, preferred: false},
 	}
 	for _, b := range bTable {
-		fmt.Printf("%-20s\t", b.name)
+		fmt.Printf("%-26s\t", b.name)
 		mbs := mbPerSec(testing.Benchmark(b.f))
 		if mbs > 0 {
 			fmt.Printf("%7.2f MB/s", mbs)
@@ -132,8 +133,8 @@ func bAESSIV(b *testing.B) {
 	}
 }
 
-// bChacha20poly1305 benchmarks XChaCha20 from golang.org/x/crypto/chacha20poly1305
-func bChacha20poly1305(b *testing.B) {
+// bXchacha20poly1305 benchmarks XChaCha20 from golang.org/x/crypto/chacha20poly1305
+func bXchacha20poly1305(b *testing.B) {
 	key := randBytes(32)
 	authData := randBytes(adLen)
 	iv := randBytes(chacha20poly1305.NonceSizeX)
@@ -147,3 +148,22 @@ func bChacha20poly1305(b *testing.B) {
 		c.Seal(iv, iv, in, authData)
 	}
 }
+
+// bStupidXchacha benchmarks OpenSSL XChaCha20
+func bStupidXchacha(b *testing.B) {
+	if stupidgcm.BuiltWithoutOpenssl {
+		b.Skip("openssl has been disabled at compile-time")
+	}
+	key := randBytes(32)
+	authData := randBytes(adLen)
+	iv := randBytes(chacha20poly1305.NonceSizeX)
+	in := make([]byte, blockSize)
+	b.SetBytes(int64(len(in)))
+	c := stupidgcm.NewXchacha20poly1305(key)
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		// Encrypt and append to nonce
+		c.Seal(iv, iv, in, authData)
+	}
+}
diff --git a/internal/speed/speed_test.go b/internal/speed/speed_test.go
index f3ec66c..a6f3f30 100644
--- a/internal/speed/speed_test.go
+++ b/internal/speed/speed_test.go
@@ -27,3 +27,11 @@ func BenchmarkGoGCM(b *testing.B) {
 func BenchmarkAESSIV(b *testing.B) {
 	bAESSIV(b)
 }
+
+func BenchmarkXchacha(b *testing.B) {
+	bXchacha20poly1305(b)
+}
+
+func BenchmarkStupidXchacha(b *testing.B) {
+	bStupidXchacha(b)
+}