diff options
| -rw-r--r-- | init_dir.go | 4 | ||||
| -rw-r--r-- | internal/speed/speed.go | 6 | ||||
| -rw-r--r-- | internal/stupidgcm/cipher_suites.go | 28 | ||||
| -rw-r--r-- | internal/stupidgcm/prefer.go | 14 |
4 files changed, 39 insertions, 13 deletions
diff --git a/init_dir.go b/init_dir.go index 9ba1a01..d79a4b7 100644 --- a/init_dir.go +++ b/init_dir.go @@ -68,9 +68,9 @@ func initDir(args *argContainer) { tlog.Fatal.Printf("Invalid cipherdir: %v", err) os.Exit(exitcodes.CipherDir) } - if !args.xchacha && !stupidgcm.CpuHasAES() { + if !args.xchacha && !stupidgcm.HasAESGCMHardwareSupport() { tlog.Info.Printf(tlog.ColorYellow + - "Notice: Your CPU does not have AES acceleration. Consider using -xchacha for better performance." + + "Notice: Your CPU does not have AES-GCM acceleration. Consider using -xchacha for better performance." + tlog.ColorReset) } } diff --git a/internal/speed/speed.go b/internal/speed/speed.go index a361cf5..d6fa12e 100644 --- a/internal/speed/speed.go +++ b/internal/speed/speed.go @@ -31,9 +31,9 @@ func Run() { if cpu == "" { cpu = "unknown" } - aes := "; no AES acceleration" - if stupidgcm.CpuHasAES() { - aes = "; with AES acceleration" + aes := "; no AES-GCM acceleration" + if stupidgcm.HasAESGCMHardwareSupport() { + aes = "; with AES-GCM acceleration" } fmt.Printf("cpu: %s%s\n", cpu, aes) diff --git a/internal/stupidgcm/cipher_suites.go b/internal/stupidgcm/cipher_suites.go new file mode 100644 index 0000000..fd032fd --- /dev/null +++ b/internal/stupidgcm/cipher_suites.go @@ -0,0 +1,28 @@ +package stupidgcm + +import ( + "runtime" + + "golang.org/x/sys/cpu" +) + +// ******** +// Carbon-copied from Go Stdlib +// https://github.com/golang/go/blob/45967bb18e04fa6dc62c2786c87ce120443c64f6/src/crypto/tls/cipher_suites.go#L367 +// ******** + +var ( + hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ + hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL + // Keep in sync with crypto/aes/cipher_s390x.go. + hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR && + (cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM) + + hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 || + runtime.GOARCH == "arm64" && hasGCMAsmARM64 || + runtime.GOARCH == "s390x" && hasGCMAsmS390X +) + +// ******** +// End carbon-copy +// ******** diff --git a/internal/stupidgcm/prefer.go b/internal/stupidgcm/prefer.go index e3f52d4..6a8cf77 100644 --- a/internal/stupidgcm/prefer.go +++ b/internal/stupidgcm/prefer.go @@ -2,8 +2,6 @@ package stupidgcm import ( "runtime" - - "golang.org/x/sys/cpu" ) // PreferOpenSSLAES256GCM tells us if OpenSSL AES-256-GCM is faster than Go stdlib @@ -22,7 +20,7 @@ func PreferOpenSSLAES256GCM() bool { return false } // If the CPU has AES acceleration, Go stdlib is faster - if CpuHasAES() { + if HasAESGCMHardwareSupport() { return false } // Otherwise OpenSSL is probably faster @@ -44,13 +42,13 @@ func PreferOpenSSLXchacha20poly1305() bool { return true } -// CpuHasAES tells you if the CPU we are running has AES acceleration that is -// usable by the Go crypto library. -func CpuHasAES() bool { - // Safe to call on other architectures - will just read false. - if cpu.X86.HasAES || cpu.ARM64.HasAES { +// HasAESGCMHardwareSupport tells you if the CPU we are running has AES-GCM +// acceleration that is usable by the Go crypto library. +func HasAESGCMHardwareSupport() bool { + if hasAESGCMHardwareSupport { return true } + // On the Apple M1, the CPU has AES acceleration, despite cpu.ARM64.HasAES // reading false: https://github.com/rfjakob/gocryptfs/issues/556#issuecomment-848079309 if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" { |