summaryrefslogtreecommitdiff
path: root/internal/stupidgcm
diff options
context:
space:
mode:
authorJakob Unterwurzacher2021-09-03 16:44:13 +0200
committerJakob Unterwurzacher2021-09-07 18:14:05 +0200
commita3f5a8492a8bc62d8e2a639bd449b425efa66ce2 (patch)
tree050677e396e6f89211bb9fc1a006e8284625fd31 /internal/stupidgcm
parent9e1dd73e55e095b8e8b4264897c4d21fcdcdb2ae (diff)
stupidgcm: batch C calls in chacha20poly1305_seal
Go has a high overhead for each C call, so batch all openssl operations in the new C function chacha20poly1305_seal. Benchmark results: internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > old.txt internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > new.txt internal/speed$ benchstat old.txt new.txt name old time/op new time/op delta StupidXchacha-4 8.79µs ± 1% 7.25µs ± 1% -17.54% (p=0.000 n=10+10) name old speed new speed delta StupidXchacha-4 466MB/s ± 1% 565MB/s ± 1% +21.27% (p=0.000 n=10+10)
Diffstat (limited to 'internal/stupidgcm')
-rw-r--r--internal/stupidgcm/.gitignore1
-rw-r--r--internal/stupidgcm/Makefile7
-rw-r--r--internal/stupidgcm/chacha.c98
-rw-r--r--internal/stupidgcm/stupidchacha.go77
4 files changed, 127 insertions, 56 deletions
diff --git a/internal/stupidgcm/.gitignore b/internal/stupidgcm/.gitignore
new file mode 100644
index 0000000..5761abc
--- /dev/null
+++ b/internal/stupidgcm/.gitignore
@@ -0,0 +1 @@
+*.o
diff --git a/internal/stupidgcm/Makefile b/internal/stupidgcm/Makefile
new file mode 100644
index 0000000..19f9914
--- /dev/null
+++ b/internal/stupidgcm/Makefile
@@ -0,0 +1,7 @@
+.PHONY: gcc
+gcc:
+ gcc -Wall -Wextra -Wformat-security -Wconversion -lcrypto -c *.c
+
+.PHONY: format
+format:
+ clang-format --style=WebKit -i *.c
diff --git a/internal/stupidgcm/chacha.c b/internal/stupidgcm/chacha.c
new file mode 100644
index 0000000..c85cf78
--- /dev/null
+++ b/internal/stupidgcm/chacha.c
@@ -0,0 +1,98 @@
+#include <openssl/evp.h>
+#include <stdio.h>
+//#cgo pkg-config: libcrypto
+
+extern void panic1(void);
+
+static void panic(const char* const msg)
+{
+ fprintf(stderr, "panic in C code: %s\n", msg);
+ __builtin_trap();
+}
+
+// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode
+int chacha20poly1305_seal(
+ const unsigned char* const plaintext,
+ const int plaintextLen,
+ const unsigned char* const authData,
+ const int authDataLen,
+ const unsigned char* const key,
+ const int keyLen,
+ const unsigned char* const iv,
+ const int ivLen,
+ unsigned char* const ciphertext,
+ const int ciphertextBufLen)
+{
+ // Create scratch space "context"
+ EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
+ if (!ctx) {
+ panic("EVP_CIPHER_CTX_new failed");
+ }
+
+ // Set cipher
+ if (EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL) != 1) {
+ panic("EVP_EncryptInit_ex set cipher failed");
+ }
+
+ // Check keyLen by trying to set it (fails if keyLen != 32)
+ if (EVP_CIPHER_CTX_set_key_length(ctx, keyLen) != 1) {
+ panic("keyLen mismatch");
+ }
+
+ // Set IV length so we do not depend on the default
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivLen, NULL) != 1) {
+ panic("EVP_CTRL_AEAD_SET_IVLEN failed");
+ }
+
+ // Set key and IV
+ if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) != 1) {
+ panic("EVP_EncryptInit_ex set key & iv failed");
+ }
+
+ // Provide authentication data
+ int outLen = 0;
+ if (EVP_EncryptUpdate(ctx, NULL, &outLen, authData, authDataLen) != 1) {
+ panic("EVP_EncryptUpdate authData failed");
+ }
+ if (outLen != authDataLen) {
+ panic("EVP_EncryptUpdate authData: unexpected length");
+ }
+
+ // Encrypt "plaintext" into "ciphertext"
+ if (plaintextLen > ciphertextBufLen) {
+ panic("plaintext overflows output buffer");
+ }
+ if (EVP_EncryptUpdate(ctx, ciphertext, &outLen, plaintext, plaintextLen) != 1) {
+ panic("EVP_EncryptUpdate ciphertext failed");
+ }
+ if (outLen != plaintextLen) {
+ panic("EVP_EncryptUpdate ciphertext: unexpected length");
+ }
+ int ciphertextLen = outLen;
+
+ // Finalise encryption
+ // Normally ciphertext bytes may be written at this stage, but this does not occur in GCM mode
+ if (EVP_EncryptFinal_ex(ctx, ciphertext + plaintextLen, &outLen) != 1) {
+ panic("EVP_EncryptFinal_ex failed");
+ }
+ if (outLen != 0) {
+ panic("EVP_EncryptFinal_ex: unexpected length");
+ }
+
+ // We only support 16-byte tags
+ const int tagLen = 16;
+
+ // Get MAC tag and append it to the ciphertext
+ if (ciphertextLen + tagLen > ciphertextBufLen) {
+ panic("tag overflows output buffer");
+ }
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tagLen, ciphertext + plaintextLen) != 1) {
+ panic("EVP_CTRL_AEAD_GET_TAG failed");
+ }
+ ciphertextLen += tagLen;
+
+ // Free scratch space
+ EVP_CIPHER_CTX_free(ctx);
+
+ return ciphertextLen;
+}
diff --git a/internal/stupidgcm/stupidchacha.go b/internal/stupidgcm/stupidchacha.go
index a6fe318..1f16a5e 100644
--- a/internal/stupidgcm/stupidchacha.go
+++ b/internal/stupidgcm/stupidchacha.go
@@ -2,10 +2,6 @@
package stupidgcm
-// #include <openssl/evp.h>
-// #cgo pkg-config: libcrypto
-import "C"
-
import (
"crypto/cipher"
"fmt"
@@ -15,6 +11,17 @@ import (
"golang.org/x/crypto/chacha20poly1305"
)
+/*
+#include <openssl/evp.h>
+#cgo pkg-config: libcrypto
+int chacha20poly1305_seal(const unsigned char * const plaintext, const int plaintextLen,
+ const unsigned char * const authData, const int authDataLen,
+ const unsigned char * const key, const int keyLen,
+ const unsigned char * const iv, const int ivLen,
+ unsigned char * const ciphertext, const int ciphertextBufLen);
+*/
+import "C"
+
type stupidChacha20poly1305 struct {
key [chacha20poly1305.KeySize]byte
wiped bool
@@ -68,58 +75,16 @@ func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {
buf = make([]byte, outLen)
}
- // https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode
-
- // Create scratch space "context"
- ctx := C.EVP_CIPHER_CTX_new()
- if ctx == nil {
- log.Panic("EVP_CIPHER_CTX_new failed")
- }
-
- // Set cipher
- if C.EVP_EncryptInit_ex(ctx, C.EVP_chacha20_poly1305(), nil, nil, nil) != 1 {
- log.Panic("EVP_EncryptInit_ex I failed")
- }
-
- // Set key and IV
- if C.EVP_EncryptInit_ex(ctx, nil, nil, (*C.uchar)(&g.key[0]), (*C.uchar)(&iv[0])) != 1 {
- log.Panic("EVP_EncryptInit_ex II failed")
- }
-
- // Provide authentication data
- var resultLen C.int
- if C.EVP_EncryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 {
- log.Panic("EVP_EncryptUpdate authData failed")
- }
- if int(resultLen) != len(authData) {
- log.Panicf("Unexpected length %d", resultLen)
- }
-
- // Encrypt "in" into "buf"
- if C.EVP_EncryptUpdate(ctx, (*C.uchar)(&buf[0]), &resultLen, (*C.uchar)(&in[0]), C.int(len(in))) != 1 {
- log.Panic("EVP_EncryptUpdate failed")
- }
- if int(resultLen) != len(in) {
- log.Panicf("Unexpected length %d", resultLen)
- }
-
- // Finalise encryption
- // Because GCM is a stream encryption, this will not write out any data.
- dummy := make([]byte, 16)
- if C.EVP_EncryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen) != 1 {
- log.Panic("EVP_EncryptFinal_ex failed")
- }
- if resultLen != 0 {
- log.Panicf("Unexpected length %d", resultLen)
- }
-
- // Get MAC tag and append it to the ciphertext in "buf"
- if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_AEAD_GET_TAG, tagLen, (unsafe.Pointer)(&buf[len(in)])) != 1 {
- log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_AEAD_GET_TAG failed")
- }
-
- // Free scratch space
- C.EVP_CIPHER_CTX_free(ctx)
+ C.chacha20poly1305_seal((*C.uchar)(&in[0]),
+ C.int(len(in)),
+ (*C.uchar)(&authData[0]),
+ C.int(len(authData)),
+ (*C.uchar)(&g.key[0]),
+ C.int(len(g.key)),
+ (*C.uchar)(&iv[0]),
+ C.int(len(iv)),
+ (*C.uchar)(&buf[0]),
+ C.int(len(buf)))
if inplace {
return dst[:len(dst)+outLen]