summaryrefslogtreecommitdiff
path: root/internal/stupidgcm/openssl.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2021-09-04 11:41:56 +0200
committerJakob Unterwurzacher2021-09-07 18:14:05 +0200
commite2ec048a09889b2bf71e8bbfef9f0584ff7d69db (patch)
tree84bb1f8c709f8db3b2dd551c7c5343c0ffe44ed9 /internal/stupidgcm/openssl.go
parentbf572aef88963732849b8e5ae679e63c6be4aa46 (diff)
stupidgcm: introduce stupidAEADCommon and use for both chacha & gcm
Nice deduplication and brings the GCM decrypt speed up to par. internal/speed$ benchstat old new name old time/op new time/op delta StupidGCM-4 4.71µs ± 0% 4.66µs ± 0% -0.99% (p=0.008 n=5+5) StupidGCMDecrypt-4 5.77µs ± 1% 4.51µs ± 0% -21.80% (p=0.008 n=5+5) name old speed new speed delta StupidGCM-4 870MB/s ± 0% 879MB/s ± 0% +1.01% (p=0.008 n=5+5) StupidGCMDecrypt-4 710MB/s ± 1% 908MB/s ± 0% +27.87% (p=0.008 n=5+5)
Diffstat (limited to 'internal/stupidgcm/openssl.go')
-rw-r--r--internal/stupidgcm/openssl.go108
1 files changed, 108 insertions, 0 deletions
diff --git a/internal/stupidgcm/openssl.go b/internal/stupidgcm/openssl.go
new file mode 100644
index 0000000..d57d100
--- /dev/null
+++ b/internal/stupidgcm/openssl.go
@@ -0,0 +1,108 @@
+package stupidgcm
+
+import (
+ "fmt"
+ "log"
+)
+
+/*
+#include "openssl_aead.h"
+#cgo pkg-config: libcrypto
+*/
+import "C"
+
+func openSSLSeal(a *stupidAEADCommon, dst, iv, in, authData []byte) []byte {
+ if a.Wiped() {
+ panic("BUG: tried to use wiped key")
+ }
+ if len(iv) != a.NonceSize() {
+ log.Panicf("Only %d-byte IVs are supported, you passed %d bytes", a.NonceSize(), len(iv))
+ }
+ if len(in) == 0 {
+ log.Panic("Zero-length input data is not supported")
+ }
+
+ // If the "dst" slice is large enough we can use it as our output buffer
+ outLen := len(in) + tagLen
+ var buf []byte
+ inplace := false
+ if cap(dst)-len(dst) >= outLen {
+ inplace = true
+ buf = dst[len(dst) : len(dst)+outLen]
+ } else {
+ buf = make([]byte, outLen)
+ }
+
+ res := int(C.openssl_aead_seal(a.openSSLEVPCipher,
+ (*C.uchar)(&in[0]),
+ C.int(len(in)),
+ (*C.uchar)(&authData[0]),
+ C.int(len(authData)),
+ (*C.uchar)(&a.key[0]),
+ C.int(len(a.key)),
+ (*C.uchar)(&iv[0]),
+ C.int(len(iv)),
+ (*C.uchar)(&buf[0]),
+ C.int(len(buf))))
+
+ if res != outLen {
+ log.Panicf("expected length %d, got %d", outLen, res)
+ }
+
+ if inplace {
+ return dst[:len(dst)+outLen]
+ }
+ return append(dst, buf...)
+}
+
+func openSSLOpen(a *stupidAEADCommon, dst, iv, in, authData []byte) ([]byte, error) {
+ if a.Wiped() {
+ panic("BUG: tried to use wiped key")
+ }
+ if len(iv) != a.NonceSize() {
+ log.Panicf("Only %d-byte IVs are supported, you passed %d bytes", a.NonceSize(), len(iv))
+ }
+ if len(in) <= tagLen {
+ return nil, fmt.Errorf("stupidChacha20poly1305: input data too short (%d bytes)", len(in))
+ }
+
+ // If the "dst" slice is large enough we can use it as our output buffer
+ outLen := len(in) - tagLen
+ var buf []byte
+ inplace := false
+ if cap(dst)-len(dst) >= outLen {
+ inplace = true
+ buf = dst[len(dst) : len(dst)+outLen]
+ } else {
+ buf = make([]byte, len(in)-tagLen)
+ }
+
+ ciphertext := in[:len(in)-tagLen]
+ tag := in[len(in)-tagLen:]
+
+ res := int(C.openssl_aead_open(a.openSSLEVPCipher,
+ (*C.uchar)(&ciphertext[0]),
+ C.int(len(ciphertext)),
+ (*C.uchar)(&authData[0]),
+ C.int(len(authData)),
+ (*C.uchar)(&tag[0]),
+ C.int(len(tag)),
+ (*C.uchar)(&a.key[0]),
+ C.int(len(a.key)),
+ (*C.uchar)(&iv[0]),
+ C.int(len(iv)),
+ (*C.uchar)(&buf[0]),
+ C.int(len(buf))))
+
+ if res < 0 {
+ return nil, ErrAuth
+ }
+ if res != outLen {
+ log.Panicf("unexpected length %d", res)
+ }
+
+ if inplace {
+ return dst[:len(dst)+outLen], nil
+ }
+ return append(dst, buf...), nil
+}