| Age | Commit message (Collapse) | Author |
|---|
|
Change-Id: Ia209f0a6d9b19d14e655c65d1287a1416b48c487
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/707535
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
|
|
This reverts CL 636257.
Reason for revert: Does not build on 1.23 or 1.24
For golang/go#73354.
Change-Id: Ie28d5c45930a8eacd5cabed64390ef674b3fb446
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/665536
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
The performance of chacha20 has been greatly improved on 3A6000 and 3A5000.
goos: linux
goarch: loong64
pkg: golang.org/x/crypto/chacha20
cpu: Loongson-3A6000 @ 2500.00MHz
| bench.old | bench.new |
| sec/op | sec/op vs base |
ChaCha20/64 171.9n ± 0% 159.3n ± 0% -7.33% (p=0.000 n=20)
ChaCha20/256 592.2n ± 0% 142.8n ± 0% -75.89% (p=0.000 n=20)
ChaCha20/10x25 981.5n ± 0% 518.8n ± 0% -47.14% (p=0.000 n=20)
ChaCha20/4096 8.991µ ± 0% 1.732µ ± 0% -80.74% (p=0.000 n=20)
ChaCha20/100x40 10.651µ ± 0% 5.135µ ± 0% -51.79% (p=0.000 n=20)
ChaCha20/65536 143.43µ ± 0% 28.76µ ± 0% -79.95% (p=0.000 n=20)
ChaCha20/1000x65 146.17µ ± 0% 37.13µ ± 0% -74.60% (p=0.000 n=20)
geomean 5.721µ 1.962µ -65.70%
| bench.old | bench.new |
| B/s | B/s vs base |
ChaCha20/64 355.1Mi ± 0% 383.1Mi ± 0% +7.89% (p=0.000 n=20)
ChaCha20/256 412.2Mi ± 0% 1710.2Mi ± 0% +314.86% (p=0.000 n=20)
ChaCha20/10x25 242.9Mi ± 0% 459.6Mi ± 0% +89.19% (p=0.000 n=20)
ChaCha20/4096 434.5Mi ± 0% 2255.8Mi ± 0% +419.22% (p=0.000 n=20)
ChaCha20/100x40 358.1Mi ± 0% 742.9Mi ± 0% +107.44% (p=0.000 n=20)
ChaCha20/65536 435.8Mi ± 0% 2173.2Mi ± 0% +398.72% (p=0.000 n=20)
ChaCha20/1000x65 424.1Mi ± 0% 1669.4Mi ± 0% +293.64% (p=0.000 n=20)
geomean 373.9Mi 1.065Gi +191.55%
goos: linux
goarch: loong64
pkg: golang.org/x/crypto/chacha20
cpu: Loongson-3A5000 @ 2500.00MHz
| bench.old | bench.new |
| sec/op | sec/op vs base |
ChaCha20/64 234.5n ± 0% 295.8n ± 0% +26.14% (p=0.000 n=20)
ChaCha20/256 782.0n ± 0% 274.6n ± 0% -64.88% (p=0.000 n=20)
ChaCha20/10x25 1340.0n ± 0% 752.7n ± 0% -43.83% (p=0.000 n=20)
ChaCha20/4096 11.744µ ± 0% 3.455µ ± 0% -70.58% (p=0.000 n=20)
ChaCha20/100x40 14.151µ ± 0% 7.435µ ± 0% -47.46% (p=0.000 n=20)
ChaCha20/65536 188.05µ ± 0% 54.33µ ± 0% -71.11% (p=0.000 n=20)
ChaCha20/1000x65 191.44µ ± 0% 66.29µ ± 0% -65.37% (p=0.000 n=20)
geomean 7.604µ 3.436µ -54.81%
| bench.old | bench.new |
| B/s | B/s vs base |
ChaCha20/64 260.3Mi ± 0% 206.3Mi ± 0% -20.73% (p=0.000 n=20)
ChaCha20/256 312.2Mi ± 0% 888.9Mi ± 0% +184.75% (p=0.000 n=20)
ChaCha20/10x25 177.9Mi ± 0% 316.8Mi ± 0% +78.08% (p=0.000 n=20)
ChaCha20/4096 332.6Mi ± 0% 1130.8Mi ± 0% +239.95% (p=0.000 n=20)
ChaCha20/100x40 269.6Mi ± 0% 513.1Mi ± 0% +90.34% (p=0.000 n=20)
ChaCha20/65536 332.4Mi ± 0% 1150.5Mi ± 0% +246.16% (p=0.000 n=20)
ChaCha20/1000x65 323.8Mi ± 0% 935.2Mi ± 0% +188.81% (p=0.000 n=20)
geomean 281.3Mi 622.6Mi +121.31%
Change-Id: I5386f2029122076c1d22a04610567e3df23877cd
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/636257
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
Reviewed-by: Carlos Amedee <carlos@golang.org>
|
|
This requires fixing an incorrect save of the counter. It is a word
value. It happens to work on LE because length is limited to u32.
Refactor the constant table to load correctly independent of byte
ordering.
Add byte order swapping where output needs converted to LE
ordering for storage.
Change-Id: Ic7e09bd1c769bb77dd6e817f5a8639ba765f4c0f
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/614297
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Archana Ravindar <aravinda@redhat.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
- Adding PCALIGN before the loops
- Changing WORD directive with corresponding Vector Merge EVEN/ODD word instructions
- Replacing Branch Conditional (BC) with its extended mnemonic form BDNZ
- VPERMXOR instruction usage in place of VXOR instructions followed by
VRLW (rotate left) for cases of rotating in multiples of 8. This
replacements give performace improvement both in time and space of around 7%-8% as listed below
using benchstat tool.
goos: linux
goarch: ppc64le
pkg: golang.org/x/crypto/chacha20
cpu: POWER10
| chacha20.prev.out | chacha20.new.out |
| sec/op | sec/op vs base |
ChaCha20/64 171.9n ± 0% 156.6n ± 1% -8.90% (p=0.002 n=6)
ChaCha20/256 165.5n ± 0% 152.4n ± 0% -7.92% (p=0.002 n=6)
ChaCha20/10x25 505.8n ± 0% 504.3n ± 2% -0.32% (p=0.589 n=6)
ChaCha20/4096 2.265µ ± 0% 2.052µ ± 0% -9.40% (p=0.002 n=6)
ChaCha20/100x40 5.359µ ± 3% 5.018µ ± 2% -6.37% (p=0.002 n=6)
ChaCha20/65536 35.71µ ± 0% 32.29µ ± 0% -9.57% (p=0.002 n=6)
ChaCha20/1000x65 44.63µ ± 0% 41.05µ ± 0% -8.02% (p=0.002 n=6)
geomean 2.235µ 2.073µ -7.26%
| chacha20.prev.out | chacha20.new.out |
| B/s | B/s vs base |
ChaCha20/64 355.1Mi ± 0% 389.8Mi ± 1% +9.78% (p=0.002 n=6)
ChaCha20/256 1.440Gi ± 0% 1.565Gi ± 0% +8.62% (p=0.002 n=6)
ChaCha20/10x25 471.3Mi ± 0% 472.8Mi ± 2% +0.31% (p=0.589 n=6)
ChaCha20/4096 1.684Gi ± 0% 1.859Gi ± 0% +10.38% (p=0.002 n=6)
ChaCha20/100x40 711.8Mi ± 3% 760.3Mi ± 2% +6.80% (p=0.002 n=6)
ChaCha20/65536 1.709Gi ± 0% 1.890Gi ± 0% +10.59% (p=0.002 n=6)
ChaCha20/1000x65 1.356Gi ± 0% 1.475Gi ± 0% +8.72% (p=0.002 n=6)
geomean 957.3Mi 1.008Gi +7.83%
Change-Id: Ib31cb10a2a11eacdacf0272fbfd887eb5ccd8bcb
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/564797
Reviewed-by: Lynn Boger <laboger@linux.vnet.ibm.com>
Run-TryBot: Paul Murphy <murp@ibm.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
|
|
Done with:
go get go@1.18
go mod tidy
go fix ./...
Using go1.21.3.
Also update avo to v0.5.0 in the curve25519/internal/field/_asm module.
It's newer and produces no diff in the generated code.
For golang/go#60268.
Change-Id: I9bd771ee8561595d7f68aaca76df6e3e33d35013
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/534141
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Other packages already dropped compatibility with go < 1.12, so it should be safe to remove it for this package as well.
Change-Id: Ib1424763e3aa94d0187a667ebee058100136f53b
GitHub-Last-Rev: 51df9690a5f37ba50d5ae5e84cf31b78fb6c5cd8
GitHub-Pull-Request: golang/crypto#241
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/448241
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Joedian Reid <joedian@golang.org>
|
|
This avoids an import conflict in code that needs to import
crypto/subtle as well.
CL 424194 does the same for the main repo.
Change-Id: Ic54cb62bbfdcf5c2cb6f15ac47075ee1c41981ad
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/424175
Reviewed-by: Cherry Mui <cherryyz@google.com>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
|
|
Gofmt to update doc comments to the new formatting.
For golang/go#51082.
Change-Id: I076031b6613691eefbb0f21739366e3fd2011ec9
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/399356
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
For golang/go#41184
Change-Id: Ica67fdbf2745ad2eef63dbb9ef70136e9e6fd348
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/319469
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
Make all our package sources use Go 1.17 gofmt format
(adding //go:build lines).
Not strictly necessary but will avoid spurious changes
as files are edited.
Part of //go:build change (#41184).
See https://golang.org/design/draft-gobuild
Change-Id: I70526bf588bf4078887e567795867ece785d666b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/294415
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
appengine is obsolete and superseded by purego, and gc is a more
precise tag for files that use gc-syntax assembly.
Change-Id: I716f59de772ebeee4adf4d2a432edf300122cef0
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/269920
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
Change-Id: I003c389585a42089fc9cc595d1f5f1027cd482f2
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/272306
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
|
|
Certain operations with counter values close to overflowing were causing
an unnecessary panic, which was reachable due to the SetCounter API and
actually observed in QUIC.
Tests by lukechampine <luke.champine@gmail.com> from CL 220591.
Fixes golang/go#37157
Relanding of CL 224279, which was broken on multi-block buffers.
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/224279
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Change-Id: Ia382c6f62ae49ffe257b67f7b794e8d7124d981e
(cherry picked from commit 1c2c788b11ecf76cd7fbd7bba62146eb7082bdd8)
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/229119
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
|
|
Some small changes to improve computation throughput of noasm chacha20 by between 4-11%.
name old time/op new time/op delta
ChaCha20/64-12 142ns ± 1% 132ns ± 1% -7.09% (p=0.000 n=20+20)
ChaCha20/256-12 485ns ± 1% 441ns ± 1% -9.08% (p=0.000 n=20+20)
ChaCha20/10x25-12 822ns ± 1% 785ns ± 1% -4.42% (p=0.000 n=20+20)
ChaCha20/4096-12 484ns ± 1% 442ns ± 1% -8.80% (p=0.000 n=20+19)
ChaCha20/100x40-12 8.65µs ± 1% 8.08µs ± 1% -6.54% (p=0.000 n=19+20)
ChaCha20/65536-12 118µs ± 1% 106µs ± 1% -10.04% (p=0.000 n=19+20)
ChaCha20/1000x65-12 120µs ± 1% 108µs ± 0% -9.84% (p=0.000 n=19+19)
name old speed new speed delta
ChaCha20/64-12 450MB/s ± 1% 484MB/s ± 1% +7.61% (p=0.000 n=19+19)
ChaCha20/256-12 527MB/s ± 1% 580MB/s ± 1% +10.03% (p=0.000 n=20+20)
ChaCha20/10x25-12 304MB/s ± 1% 318MB/s ± 1% +4.62% (p=0.000 n=20+20)
ChaCha20/4096-12 529MB/s ± 1% 580MB/s ± 1% +9.70% (p=0.000 n=19+20)
ChaCha20/100x40-12 463MB/s ± 1% 495MB/s ± 1% +7.00% (p=0.000 n=19+20)
ChaCha20/65536-12 556MB/s ± 1% 618MB/s ± 1% +11.16% (p=0.000 n=19+20)
ChaCha20/1000x65-12 542MB/s ± 1% 602MB/s ± 0% +10.92% (p=0.000 n=19+19)
Redundant bound checks on loading key and nonce as uint32s in newUnauthenticatedCipher
are eliminated.
In the main block loop, two changes were made:
1. Specialise the xor function to addXor, so the final block state variables don't need to be
separately incremented by the initial block state before XORing with the input block.
2. Change the loop condition to be bound by len(src) >=64 and len(dst) >= 64.
This eliminates all bound checks later in the load-xor-store stage.
As a result, src and dst are resliced in-place after each block.
Change-Id: Ic3165a556bf7cb2d71349d534cdd21d06d9a7a2c
GitHub-Last-Rev: b3b1a185004c551919a8984547a5bac0283919a1
GitHub-Pull-Request: golang/crypto#131
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/228618
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
This reverts CL 224279.
Reason for revert: broken on arm64, ppc64le and s390x 😢
Change-Id: I8632ee78a79696a3117c81729904797233e0071d
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/229118
Reviewed-by: Katie Hockman <katie@golang.org>
|
|
Certain operations with counter values close to overflowing were causing
an unnecessary panic, which was reachable due to the SetCounter API and
actually observed in QUIC.
Tests by lukechampine <luke.champine@gmail.com> from CL 220591.
Fixes golang/go#37157
Change-Id: Iba52edb1ba36af391b8fe4ee615c5c41d7e64f48
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/224279
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
|
|
appengine was only necessary for the legacy system based on Go 1.9, drop
that. Add purego tags instead. Remove redundant architecture tags.
Change-Id: Ib1f65a4837511e63e08c1aa43163a79cfe868e0c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/215498
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
|
|
Fixes golang/go#35506
Change-Id: I5cfc6b4dc07ab368e370edaee11841c2c1377f82
GitHub-Last-Rev: 16147a1668a903532f2d3777b873ddad8f0f26f5
GitHub-Pull-Request: golang/crypto#108
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/206638
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
Simply add the NonceSizeX constant, and accept 24 bytes nonces in
NewUnauthenticatedCipher. Based on draft-irtf-cfrg-xchacha-01 and
libsodium's implementation.
Fixes golang/go#24485
Change-Id: I551c8ace258bd54b95bb204c8bb34bccd1c4b615
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/185991
Reviewed-by: Michael Munday <mike.munday@ibm.com>
|
|
const KeySize = 32
const NonceSize = 12
func HChaCha20(key, nonce []byte) ([]byte, error)
type Cipher struct {}
func NewUnauthenticatedCipher(key, nonce []byte) (*Cipher, error)
func (s *Cipher) XORKeyStream(dst, src []byte)
Small performance hit in chacha20poly1305, probably due to the loss
of the Advance API, which we might consider adding later. No new
allocations, thanks to the mid-stack inliner.
name old time/op new time/op delta
Chacha20Poly1305/Open-64-8 1.60µs ± 0% 1.68µs ± 1% +4.94% (p=0.000 n=9+10)
Chacha20Poly1305/Seal-64-8 1.56µs ± 0% 1.64µs ± 1% +5.21% (p=0.000 n=8+10)
Chacha20Poly1305/Open-64-X-8 2.10µs ± 1% 2.22µs ± 1% +5.81% (p=0.000 n=10+10)
Chacha20Poly1305/Seal-64-X-8 2.07µs ± 1% 2.17µs ± 0% +4.88% (p=0.000 n=10+10)
Chacha20Poly1305/Open-1350-8 15.4µs ± 0% 15.7µs ± 1% +1.65% (p=0.000 n=10+10)
Chacha20Poly1305/Seal-1350-8 15.6µs ± 2% 15.9µs ± 1% +1.58% (p=0.028 n=10+9)
Chacha20Poly1305/Open-1350-X-8 16.0µs ± 1% 16.3µs ± 2% +2.00% (p=0.000 n=10+10)
Chacha20Poly1305/Seal-1350-X-8 15.9µs ± 0% 16.3µs ± 1% +1.91% (p=0.000 n=10+8)
Chacha20Poly1305/Open-8192-8 85.6µs ± 0% 86.6µs ± 1% +1.21% (p=0.000 n=10+10)
Chacha20Poly1305/Seal-8192-8 85.7µs ± 0% 86.3µs ± 0% +0.68% (p=0.001 n=9+9)
Chacha20Poly1305/Open-8192-X-8 86.4µs ± 1% 87.1µs ± 1% +0.76% (p=0.035 n=10+9)
Chacha20Poly1305/Seal-8192-X-8 86.0µs ± 0% 87.0µs ± 1% +1.14% (p=0.000 n=9+9)
Updates golang/go#24485
Change-Id: I2ec2ef487a03f013049915d9063751c75a78408b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/185980
Reviewed-by: Michael Munday <mike.munday@ibm.com>
|
