aboutsummaryrefslogtreecommitdiff
path: root/internal/stupidgcm
diff options
context:
space:
mode:
Diffstat (limited to 'internal/stupidgcm')
-rw-r--r--internal/stupidgcm/cipher_suites.go28
-rw-r--r--internal/stupidgcm/prefer.go14
2 files changed, 34 insertions, 8 deletions
diff --git a/internal/stupidgcm/cipher_suites.go b/internal/stupidgcm/cipher_suites.go
new file mode 100644
index 0000000..fd032fd
--- /dev/null
+++ b/internal/stupidgcm/cipher_suites.go
@@ -0,0 +1,28 @@
+package stupidgcm
+
+import (
+ "runtime"
+
+ "golang.org/x/sys/cpu"
+)
+
+// ********
+// Carbon-copied from Go Stdlib
+// https://github.com/golang/go/blob/45967bb18e04fa6dc62c2786c87ce120443c64f6/src/crypto/tls/cipher_suites.go#L367
+// ********
+
+var (
+ hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
+ hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
+ // Keep in sync with crypto/aes/cipher_s390x.go.
+ hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR &&
+ (cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
+
+ hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 ||
+ runtime.GOARCH == "arm64" && hasGCMAsmARM64 ||
+ runtime.GOARCH == "s390x" && hasGCMAsmS390X
+)
+
+// ********
+// End carbon-copy
+// ********
diff --git a/internal/stupidgcm/prefer.go b/internal/stupidgcm/prefer.go
index e3f52d4..6a8cf77 100644
--- a/internal/stupidgcm/prefer.go
+++ b/internal/stupidgcm/prefer.go
@@ -2,8 +2,6 @@ package stupidgcm
import (
"runtime"
-
- "golang.org/x/sys/cpu"
)
// PreferOpenSSLAES256GCM tells us if OpenSSL AES-256-GCM is faster than Go stdlib
@@ -22,7 +20,7 @@ func PreferOpenSSLAES256GCM() bool {
return false
}
// If the CPU has AES acceleration, Go stdlib is faster
- if CpuHasAES() {
+ if HasAESGCMHardwareSupport() {
return false
}
// Otherwise OpenSSL is probably faster
@@ -44,13 +42,13 @@ func PreferOpenSSLXchacha20poly1305() bool {
return true
}
-// CpuHasAES tells you if the CPU we are running has AES acceleration that is
-// usable by the Go crypto library.
-func CpuHasAES() bool {
- // Safe to call on other architectures - will just read false.
- if cpu.X86.HasAES || cpu.ARM64.HasAES {
+// HasAESGCMHardwareSupport tells you if the CPU we are running has AES-GCM
+// acceleration that is usable by the Go crypto library.
+func HasAESGCMHardwareSupport() bool {
+ if hasAESGCMHardwareSupport {
return true
}
+
// On the Apple M1, the CPU has AES acceleration, despite cpu.ARM64.HasAES
// reading false: https://github.com/rfjakob/gocryptfs/issues/556#issuecomment-848079309
if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" {