From a3f5a8492a8bc62d8e2a639bd449b425efa66ce2 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Fri, 3 Sep 2021 16:44:13 +0200 Subject: stupidgcm: batch C calls in chacha20poly1305_seal Go has a high overhead for each C call, so batch all openssl operations in the new C function chacha20poly1305_seal. Benchmark results: internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > old.txt internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > new.txt internal/speed$ benchstat old.txt new.txt name old time/op new time/op delta StupidXchacha-4 8.79µs ± 1% 7.25µs ± 1% -17.54% (p=0.000 n=10+10) name old speed new speed delta StupidXchacha-4 466MB/s ± 1% 565MB/s ± 1% +21.27% (p=0.000 n=10+10) --- internal/stupidgcm/stupidchacha.go | 77 +++++++++++--------------------------- 1 file changed, 21 insertions(+), 56 deletions(-) (limited to 'internal/stupidgcm/stupidchacha.go') diff --git a/internal/stupidgcm/stupidchacha.go b/internal/stupidgcm/stupidchacha.go index a6fe318..1f16a5e 100644 --- a/internal/stupidgcm/stupidchacha.go +++ b/internal/stupidgcm/stupidchacha.go @@ -2,10 +2,6 @@ package stupidgcm -// #include -// #cgo pkg-config: libcrypto -import "C" - import ( "crypto/cipher" "fmt" @@ -15,6 +11,17 @@ import ( "golang.org/x/crypto/chacha20poly1305" ) +/* +#include +#cgo pkg-config: libcrypto +int chacha20poly1305_seal(const unsigned char * const plaintext, const int plaintextLen, + const unsigned char * const authData, const int authDataLen, + const unsigned char * const key, const int keyLen, + const unsigned char * const iv, const int ivLen, + unsigned char * const ciphertext, const int ciphertextBufLen); +*/ +import "C" + type stupidChacha20poly1305 struct { key [chacha20poly1305.KeySize]byte wiped bool @@ -68,58 +75,16 @@ func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte { buf = make([]byte, outLen) } - // https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode - - // Create scratch space "context" - ctx := C.EVP_CIPHER_CTX_new() - if ctx == nil { - log.Panic("EVP_CIPHER_CTX_new failed") - } - - // Set cipher - if C.EVP_EncryptInit_ex(ctx, C.EVP_chacha20_poly1305(), nil, nil, nil) != 1 { - log.Panic("EVP_EncryptInit_ex I failed") - } - - // Set key and IV - if C.EVP_EncryptInit_ex(ctx, nil, nil, (*C.uchar)(&g.key[0]), (*C.uchar)(&iv[0])) != 1 { - log.Panic("EVP_EncryptInit_ex II failed") - } - - // Provide authentication data - var resultLen C.int - if C.EVP_EncryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 { - log.Panic("EVP_EncryptUpdate authData failed") - } - if int(resultLen) != len(authData) { - log.Panicf("Unexpected length %d", resultLen) - } - - // Encrypt "in" into "buf" - if C.EVP_EncryptUpdate(ctx, (*C.uchar)(&buf[0]), &resultLen, (*C.uchar)(&in[0]), C.int(len(in))) != 1 { - log.Panic("EVP_EncryptUpdate failed") - } - if int(resultLen) != len(in) { - log.Panicf("Unexpected length %d", resultLen) - } - - // Finalise encryption - // Because GCM is a stream encryption, this will not write out any data. - dummy := make([]byte, 16) - if C.EVP_EncryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen) != 1 { - log.Panic("EVP_EncryptFinal_ex failed") - } - if resultLen != 0 { - log.Panicf("Unexpected length %d", resultLen) - } - - // Get MAC tag and append it to the ciphertext in "buf" - if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_AEAD_GET_TAG, tagLen, (unsafe.Pointer)(&buf[len(in)])) != 1 { - log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_AEAD_GET_TAG failed") - } - - // Free scratch space - C.EVP_CIPHER_CTX_free(ctx) + C.chacha20poly1305_seal((*C.uchar)(&in[0]), + C.int(len(in)), + (*C.uchar)(&authData[0]), + C.int(len(authData)), + (*C.uchar)(&g.key[0]), + C.int(len(g.key)), + (*C.uchar)(&iv[0]), + C.int(len(iv)), + (*C.uchar)(&buf[0]), + C.int(len(buf))) if inplace { return dst[:len(dst)+outLen] -- cgit v1.2.3