From f06f27e7bc098e334024c365004f9303e79997d9 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Thu, 6 Jun 2024 10:07:08 +0200 Subject: stupidgcm: detect AES-GCM acceleration like crypto/tls Instead of just looking for AES, also look for PCLMULQDQ, like crypto/tls does. Fixes: https://github.com/rfjakob/gocryptfs/issues/822 --- internal/speed/speed.go | 6 +++--- internal/stupidgcm/cipher_suites.go | 28 ++++++++++++++++++++++++++++ internal/stupidgcm/prefer.go | 14 ++++++-------- 3 files changed, 37 insertions(+), 11 deletions(-) create mode 100644 internal/stupidgcm/cipher_suites.go (limited to 'internal') diff --git a/internal/speed/speed.go b/internal/speed/speed.go index a361cf5..d6fa12e 100644 --- a/internal/speed/speed.go +++ b/internal/speed/speed.go @@ -31,9 +31,9 @@ func Run() { if cpu == "" { cpu = "unknown" } - aes := "; no AES acceleration" - if stupidgcm.CpuHasAES() { - aes = "; with AES acceleration" + aes := "; no AES-GCM acceleration" + if stupidgcm.HasAESGCMHardwareSupport() { + aes = "; with AES-GCM acceleration" } fmt.Printf("cpu: %s%s\n", cpu, aes) diff --git a/internal/stupidgcm/cipher_suites.go b/internal/stupidgcm/cipher_suites.go new file mode 100644 index 0000000..fd032fd --- /dev/null +++ b/internal/stupidgcm/cipher_suites.go @@ -0,0 +1,28 @@ +package stupidgcm + +import ( + "runtime" + + "golang.org/x/sys/cpu" +) + +// ******** +// Carbon-copied from Go Stdlib +// https://github.com/golang/go/blob/45967bb18e04fa6dc62c2786c87ce120443c64f6/src/crypto/tls/cipher_suites.go#L367 +// ******** + +var ( + hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ + hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL + // Keep in sync with crypto/aes/cipher_s390x.go. + hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR && + (cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM) + + hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 || + runtime.GOARCH == "arm64" && hasGCMAsmARM64 || + runtime.GOARCH == "s390x" && hasGCMAsmS390X +) + +// ******** +// End carbon-copy +// ******** diff --git a/internal/stupidgcm/prefer.go b/internal/stupidgcm/prefer.go index e3f52d4..6a8cf77 100644 --- a/internal/stupidgcm/prefer.go +++ b/internal/stupidgcm/prefer.go @@ -2,8 +2,6 @@ package stupidgcm import ( "runtime" - - "golang.org/x/sys/cpu" ) // PreferOpenSSLAES256GCM tells us if OpenSSL AES-256-GCM is faster than Go stdlib @@ -22,7 +20,7 @@ func PreferOpenSSLAES256GCM() bool { return false } // If the CPU has AES acceleration, Go stdlib is faster - if CpuHasAES() { + if HasAESGCMHardwareSupport() { return false } // Otherwise OpenSSL is probably faster @@ -44,13 +42,13 @@ func PreferOpenSSLXchacha20poly1305() bool { return true } -// CpuHasAES tells you if the CPU we are running has AES acceleration that is -// usable by the Go crypto library. -func CpuHasAES() bool { - // Safe to call on other architectures - will just read false. - if cpu.X86.HasAES || cpu.ARM64.HasAES { +// HasAESGCMHardwareSupport tells you if the CPU we are running has AES-GCM +// acceleration that is usable by the Go crypto library. +func HasAESGCMHardwareSupport() bool { + if hasAESGCMHardwareSupport { return true } + // On the Apple M1, the CPU has AES acceleration, despite cpu.ARM64.HasAES // reading false: https://github.com/rfjakob/gocryptfs/issues/556#issuecomment-848079309 if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" { -- cgit v1.2.3