diff options
Diffstat (limited to 'internal/stupidgcm')
-rw-r--r-- | internal/stupidgcm/cipher_suites.go | 28 | ||||
-rw-r--r-- | internal/stupidgcm/prefer.go | 14 |
2 files changed, 34 insertions, 8 deletions
diff --git a/internal/stupidgcm/cipher_suites.go b/internal/stupidgcm/cipher_suites.go new file mode 100644 index 0000000..fd032fd --- /dev/null +++ b/internal/stupidgcm/cipher_suites.go @@ -0,0 +1,28 @@ +package stupidgcm + +import ( + "runtime" + + "golang.org/x/sys/cpu" +) + +// ******** +// Carbon-copied from Go Stdlib +// https://github.com/golang/go/blob/45967bb18e04fa6dc62c2786c87ce120443c64f6/src/crypto/tls/cipher_suites.go#L367 +// ******** + +var ( + hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ + hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL + // Keep in sync with crypto/aes/cipher_s390x.go. + hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR && + (cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM) + + hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 || + runtime.GOARCH == "arm64" && hasGCMAsmARM64 || + runtime.GOARCH == "s390x" && hasGCMAsmS390X +) + +// ******** +// End carbon-copy +// ******** diff --git a/internal/stupidgcm/prefer.go b/internal/stupidgcm/prefer.go index e3f52d4..6a8cf77 100644 --- a/internal/stupidgcm/prefer.go +++ b/internal/stupidgcm/prefer.go @@ -2,8 +2,6 @@ package stupidgcm import ( "runtime" - - "golang.org/x/sys/cpu" ) // PreferOpenSSLAES256GCM tells us if OpenSSL AES-256-GCM is faster than Go stdlib @@ -22,7 +20,7 @@ func PreferOpenSSLAES256GCM() bool { return false } // If the CPU has AES acceleration, Go stdlib is faster - if CpuHasAES() { + if HasAESGCMHardwareSupport() { return false } // Otherwise OpenSSL is probably faster @@ -44,13 +42,13 @@ func PreferOpenSSLXchacha20poly1305() bool { return true } -// CpuHasAES tells you if the CPU we are running has AES acceleration that is -// usable by the Go crypto library. -func CpuHasAES() bool { - // Safe to call on other architectures - will just read false. - if cpu.X86.HasAES || cpu.ARM64.HasAES { +// HasAESGCMHardwareSupport tells you if the CPU we are running has AES-GCM +// acceleration that is usable by the Go crypto library. +func HasAESGCMHardwareSupport() bool { + if hasAESGCMHardwareSupport { return true } + // On the Apple M1, the CPU has AES acceleration, despite cpu.ARM64.HasAES // reading false: https://github.com/rfjakob/gocryptfs/issues/556#issuecomment-848079309 if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" { |