|
Turns out we can't use non-v1 versions for the FIPS 140-3 module, so we
decided to match the versioning of the Go release the module is frozen
from.
Change-Id: Ib5c13511a51f9930fcde86cd7e8bd39c6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/730740
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
Consistently use testenv.Command and testenv.Executable, avoid redundant
testenv.Must, use testenv.CleanCmdEnv where the output is parsed, always
log the output with a preceding newline, invoke tests with -v, and
always use cmd.Environ() to preserve existing env.
Change-Id: I647ff1a8b7d162e5e8df9424030fac446a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/728641
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
mode
The enforcement is good beyond compliance if it is correct, but I am
more nervous about accidental DoS due to mismatches between how the
caller calculates a nonce and how the enforcement expects it to be
calculated.
We need to have this enforcement in FIPS 140-3 mode, but no need to blow
ourselves up when it's off.
If all goes well, this code is unreachable anyway.
Change-Id: If73ec59ebbd283b0e5506354961a87a06a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/728504
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
|
|
WithoutEnforcement lets programs running under GODEBUG=fips140=only
selectively opt out of strict enforcement. This is especially helpful
for non-critical uses of cryptography routines like SHA-1 for content
addressable storage backends (E.g. git).
Fixes #74630
Change-Id: Iabba1f5eb63498db98047aca45e09c5dccf2fbdf
Reviewed-on: https://go-review.googlesource.com/c/go/+/723720
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Implement overflow-aware optimization in ctrBlocks8Asm: make a fast branch
in case when there is no overflow. One branch per 8 blocks is faster than
7 increments in general purpose registers and transfers from them to XMM.
Added AES-192 and AES-256 modes to the AES-CTR benchmark.
Added a correctness test in ctr_test.go for the overflow optimization.
This improves performance, especially in AES-128 mode.
goos: windows
goarch: amd64
pkg: crypto/cipher
cpu: AMD Ryzen 7 5800H with Radeon Graphics
│ B/s │ B/s vs base
AESCTR/128/50-16 1.377Gi ± 0% 1.384Gi ± 0% +0.51% (p=0.028 n=20)
AESCTR/128/1K-16 6.164Gi ± 0% 6.892Gi ± 1% +11.81% (p=0.000 n=20)
AESCTR/128/8K-16 7.372Gi ± 0% 8.768Gi ± 1% +18.95% (p=0.000 n=20)
AESCTR/192/50-16 1.289Gi ± 0% 1.279Gi ± 0% -0.75% (p=0.001 n=20)
AESCTR/192/1K-16 5.734Gi ± 0% 6.011Gi ± 0% +4.83% (p=0.000 n=20)
AESCTR/192/8K-16 6.889Gi ± 1% 7.437Gi ± 0% +7.96% (p=0.000 n=20)
AESCTR/256/50-16 1.170Gi ± 0% 1.163Gi ± 0% -0.54% (p=0.005 n=20)
AESCTR/256/1K-16 5.235Gi ± 0% 5.391Gi ± 0% +2.98% (p=0.000 n=20)
AESCTR/256/8K-16 6.361Gi ± 0% 6.676Gi ± 0% +4.94% (p=0.000 n=20)
geomean 3.681Gi 3.882Gi +5.46%
The slight slowdown on 50-byte workloads is unrelated to this change,
because such workloads never use ctrBlocks8Asm.
Updates #76061
Change-Id: Idfd628ac8bb282d9c73c6adf048eb12274a41379
GitHub-Last-Rev: 5aadd39351806fbbf5201e07511aac05bdcb0529
GitHub-Pull-Request: golang/go#76059
Reviewed-on: https://go-review.googlesource.com/c/go/+/714361
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: AHMAD ابو وليد <mizommz@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
First, this adds a GCM mode for QUIC, and a generic TLS 1.3/QUIC-like
XOR'd counter mode. QUIC constructs nonces exactly like TLS 1.3, but the
counter does not reset to zero on a key update, so the mask must be
provided explicitly (or we will panic well before running out of
counters because the wrong value is XOR'd out). See the analysis at
https://github.com/quic-go/quic-go/issues/5077#issuecomment-3570352683
for the details of QUIC and FIPS 140-3 compliance (including a
workaround for the key update issue).
Second, this coalesces all the compliance modes around two schemes:
fixed || counter, and fixed XOR counter. The former is used in TLS 1.2
and SSH, and the latter is used in TLS 1.3 and QUIC.
This would not be a backwards compatible change if these were public
APIs, but we only need different versions of the FIPS 140-3 module to be
source-compatible with the standard library, and the callers of these
NewGCMFor* functions only care that the return value implements
cipher.AEAD, at least for now.
This exposes no new public APIs, but lets us get started validating
these functions in v2.0.0 of the FIPS 140-3 module.
Updates #73110
Change-Id: I3d86cf8a3c4a96caf361c29f0db5f9706a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/723760
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Copying the loop variable is no longer necessary since Go 1.22.
Change-Id: Iebb21dac44a20ec200567f1d786f105a4ee4999d
Reviewed-on: https://go-review.googlesource.com/c/go/+/711640
Reviewed-by: Florian Lehner <lehner.florian86@gmail.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: I7dc086a87d28ab847288eed13f719421420cd004
Reviewed-on: https://go-review.googlesource.com/c/go/+/686997
Reviewed-by: Alan Donovan <adonovan@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes #74309
Change-Id: I4d97514355d825124a8d879c2590b45b039f5fd1
Reviewed-on: https://go-review.googlesource.com/c/go/+/682596
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
The existing example uses a hard-coded constant to make the nonce buffer.
Using AEAD.NonceSize makes it a more portable and appropriate example.
Fixes: #48372
Change-Id: I7c7a38ed48aff46ca11ef4f5654c778eac13dde6
GitHub-Last-Rev: 03ccbb16df4ca9cbd4a014836aee0f54b2ff3002
GitHub-Pull-Request: golang/go#48373
Reviewed-on: https://go-review.googlesource.com/c/go/+/349603
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Roland Shoemaker <roland@golang.org>
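The two nonce layouts that the QUIC/TLS 1.3 commit earlier on this page coalesces around, fixed || counter (TLS 1.2, SSH) and fixed XOR counter (TLS 1.3, QUIC), together with the AEAD.NonceSize point of this commit, as an added example that is not code from the Go repository or from either CL. Function names are mine; the 4-byte implicit part plus 8-byte explicit counter for TLS 1.2 follows RFC 5288, and the zero-padded XOR form follows RFC 8446 section 5.3. RecoverCounter shows what a counter-limit enforcement has to do to see the counter, and therefore why it needs the caller's actual mask rather than a guessed one.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// NonceFixedConcat builds fixed || counter, the layout used by TLS 1.2
// AES-GCM (RFC 5288: 4-byte implicit part, 8-byte explicit counter) and SSH.
// size is the AEAD's NonceSize(), so the caller never hard-codes 12.
func NonceFixedConcat(fixed []byte, counter uint64, size int) ([]byte, error) {
	if len(fixed)+8 != size {
		return nil, errors.New("len(fixed)+8 must equal the nonce size")
	}
	nonce := make([]byte, size)
	copy(nonce, fixed)
	binary.BigEndian.PutUint64(nonce[len(fixed):], counter)
	return nonce, nil
}

// NonceFixedXOR builds fixed XOR counter, the layout used by TLS 1.3
// (RFC 8446 section 5.3) and QUIC: the 64-bit counter is left-padded with
// zeros to the nonce length and XORed into the static IV.
func NonceFixedXOR(fixed []byte, counter uint64) ([]byte, error) {
	if len(fixed) < 8 {
		return nil, errors.New("fixed part must be at least 8 bytes")
	}
	nonce := make([]byte, len(fixed))
	copy(nonce, fixed)
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], counter)
	for i := range ctr {
		nonce[len(nonce)-8+i] ^= ctr[i]
	}
	return nonce, nil
}

// RecoverCounter undoes NonceFixedXOR by XORing the mask back out. An
// enforcement that limits counter use must do this; with the wrong mask
// (for example the pre-key-update IV in QUIC, where the packet number keeps
// counting) it recovers a different value and may reject valid nonces.
func RecoverCounter(nonce, mask []byte) (uint64, error) {
	if len(nonce) != len(mask) || len(nonce) < 8 {
		return 0, errors.New("nonce and mask must have the same length, at least 8 bytes")
	}
	var ctr [8]byte
	for i := range ctr {
		ctr[i] = nonce[len(nonce)-8+i] ^ mask[len(mask)-8+i]
	}
	return binary.BigEndian.Uint64(ctr[:]), nil
}

// tls13AEAD returns an AES-GCM AEAD and the TLS 1.3-style nonce for record
// number seq. The static IV is checked against aead.NonceSize() rather than
// a hard-coded 12, so the check is right for any AEAD nonce length.
func tls13AEAD(key, staticIV []byte, seq uint64) (cipher.AEAD, []byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	if len(staticIV) != aead.NonceSize() {
		return nil, nil, fmt.Errorf("static IV must be %d bytes, got %d", aead.NonceSize(), len(staticIV))
	}
	nonce, err := NonceFixedXOR(staticIV, seq)
	if err != nil {
		return nil, nil, err
	}
	return aead, nonce, nil
}

// SealTLS13Style encrypts one record; OpenTLS13Style is its inverse and
// fails authentication if seq does not match the one used to seal.
func SealTLS13Style(key, staticIV []byte, seq uint64, plaintext, aad []byte) ([]byte, error) {
	aead, nonce, err := tls13AEAD(key, staticIV, seq)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, plaintext, aad), nil
}

func OpenTLS13Style(key, staticIV []byte, seq uint64, ciphertext, aad []byte) ([]byte, error) {
	aead, nonce, err := tls13AEAD(key, staticIV, seq)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ciphertext, aad)
}

func main() {
	// Constructed demo values, not real key material.
	key := []byte("0123456789abcdef")
	iv := []byte("static-iv-12")
	ct, err := SealTLS13Style(key, iv, 7, []byte("record"), nil)
	if err != nil {
		panic(err)
	}
	pt, err := OpenTLS13Style(key, iv, 7, ct, nil)
	fmt.Printf("%q %v\n", pt, err)
}
```

With the right mask RecoverCounter returns the record or packet number; with a stale mask the result is off by the XOR of the two masks, which is the mismatch the "accidental DoS" concern in the enforcement commit refers to: a limit check driven by the wrong value can fail long before any real counter space is used.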
|
|
Change-Id: I24188ad5f51953b2fbdef7487acc4ab6b1d77575
Reviewed-on: https://go-review.googlesource.com/c/go/+/638175
Auto-Submit: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Somehow I had missed these.
For #69536
Change-Id: I5e60b6f052bbfb707742ad15f663517c6c5f68d3
Reviewed-on: https://go-review.googlesource.com/c/go/+/636795
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
|
|
Updates #69445
Change-Id: Ie9cd13d65f1f989f24731f8b09bbc5124873549f
Reviewed-on: https://go-review.googlesource.com/c/go/+/631019
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
Running the test suite in this mode is definitely not an option. Testing
this will probably look like a very long test that tries all functions.
Filed #70514 to track the tests.
For #70123
Change-Id: I6f67de83da37dd1e94e620b7f4f4f6aabe040c41
Reviewed-on: https://go-review.googlesource.com/c/go/+/631018
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
If Be and Le stand for big-endian and little-endian,
then they should be BE and LE.
Change-Id: I723e3962b8918da84791783d3c547638f1c9e8a9
Reviewed-on: https://go-review.googlesource.com/c/go/+/627376
Reviewed-by: Robert Griesemer <gri@google.com>
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Sometimes we've used the 140 suffix (GOFIPS140, crypto/fips140)
and sometimes not (crypto/internal/fips, cmd/go/internal/fips).
Use it always, to avoid having to remember which is which.
Also, there are other FIPS standards, like AES (FIPS 197), SHA-2 (FIPS 180),
and so on, which have nothing to do with FIPS 140. Best to be clear.
For #70123.
Change-Id: I33b29dabd9e8b2703d2af25e428f88bc81c7c307
Reviewed-on: https://go-review.googlesource.com/c/go/+/630115
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Fixes #69981
Change-Id: I0cad11f5d7673304c5a6d85fc598ddc27ab93738
Reviewed-on: https://go-review.googlesource.com/c/go/+/629175
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
|
|
For #69536
Change-Id: Ia368f515893a95e176149e23239a8e253fc5272f
Reviewed-on: https://go-review.googlesource.com/c/go/+/629095
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
For #69536
Change-Id: I485c165b1d9fcd7b09ff151bbeebc57d8908bcb8
Reviewed-on: https://go-review.googlesource.com/c/go/+/626835
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
|
|
TestEmptyPlaintext and TestCryptBlocks were folded into cryptotest.
Change-Id: I6131ab8582eb0e6d3a1b24bab1147a145d9766ac
Reviewed-on: https://go-review.googlesource.com/c/go/+/624738
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
For #69536
Change-Id: Idcef2411c1fd4da302412609f28e438839e8aa4b
Reviewed-on: https://go-review.googlesource.com/c/go/+/624736
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
The crypto/aes <-> crypto/cipher interfaces and the hardware support
upgrades were layered over the years, and had grown unwieldy.
Before: conditionally wrap the private crypto/aes type in private types
that implement an interface that's interface-upgraded by crypto/cipher
to replace the generic implementation in crypto/cipher.
crypto/aes depended on crypto/cipher, which is backwards.
After: provide concrete exported implementations of modes in
crypto/internal/fips/aes that crypto/cipher returns if the input Block
is the crypto/internal/fips/aes concrete implementation.
crypto/aes and crypto/cipher both depend on crypto/internal/fips/aes.
Also, made everything follow go.dev/wiki/TargetSpecific by only putting
the minimal code necessary and no exported functions in build-tagged
files.
The GCM integration still uses an interface upgrade, because the generic
implementation is complex enough that it was not trivial to duplicate.
This will be fixed in a future CL to make review easier.
For #69536
Change-Id: I21c2b93a498edb31c562b1aca824e21e8457fdff
Reviewed-on: https://go-review.googlesource.com/c/go/+/624395
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
The implementation runs up to 8 AES instructions in different registers
one after another in ASM code. Because CPU has instruction pipelining
and the instructions do not depend on each other, they can run in
parallel with this layout of code. This results in significant speedup
compared to the regular implementation in which blocks are processed in
the same registers so AES instructions do not run in parallel.
GCM mode already utilizes the approach.
The ASM implementation of ctrAble has most of its code in the XORKeyStreamAt
method, which has an additional argument, offset. It allows using it
in a stateless way and jumping to any location in the stream. The method
does not exist in the pure Go and boringcrypto implementations.
[ Mailed as CL 413594, then edited by filippo@ to manage the counter
with bits.Add64, remove bounds checks, make the assembly interface more
explicit, and to port the amd64 to Avo. Squeezed another -6.38% out. ]
goos: linux
goarch: amd64
pkg: crypto/cipher
cpu: AMD Ryzen 7 PRO 8700GE w/ Radeon 780M Graphics
│ 19df80d792 │ c8b0409d40 │
│ sec/op │ sec/op vs base │
AESCTR/50-8 64.68n ± 0% 26.89n ± 0% -58.42% (p=0.000 n=10)
AESCTR/1K-8 1145.0n ± 0% 135.8n ± 0% -88.14% (p=0.000 n=10)
AESCTR/8K-8 9145.0n ± 0% 917.5n ± 0% -89.97% (p=0.000 n=10)
geomean 878.2n 149.6n -82.96%
│ 19df80d792 │ c8b0409d40 │
│ B/s │ B/s vs base │
AESCTR/50-8 737.2Mi ± 0% 1773.3Mi ± 0% +140.54% (p=0.000 n=10)
AESCTR/1K-8 848.5Mi ± 0% 7156.6Mi ± 0% +743.40% (p=0.000 n=10)
AESCTR/8K-8 853.8Mi ± 0% 8509.9Mi ± 0% +896.70% (p=0.000 n=10)
geomean 811.4Mi 4.651Gi +486.94%
Fixes #20967
Updates #39365
Updates #26673
Co-authored-by: Filippo Valsorda <filippo@golang.org>
Change-Id: Iaeea29fb93a56456f2e54507bc25196edb31b84b
Reviewed-on: https://go-review.googlesource.com/c/go/+/621958
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
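A pure-Go sketch of the stateless, offset-addressed CTR interface this commit describes, with the 128-bit counter kept in two 64-bit words and advanced with bits.Add64 so the carry from the low word propagates, plus the kind of overflow check the ctrBlocks8Asm commit earlier on this page adds a test for. This is an added example, not code from the Go repository or from either CL: it does not reproduce the 8-block parallel assembly, only the counter handling and an XORKeyStreamAt-shaped function; the names are mine, and cipher.NewCTR is used as the reference implementation.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
	"math/bits"
)

const blockSize = aes.BlockSize

// ctrCounter holds the 128-bit big-endian CTR counter as two 64-bit words.
type ctrCounter struct{ hi, lo uint64 }

func counterFromIV(iv []byte) ctrCounter {
	return ctrCounter{
		hi: binary.BigEndian.Uint64(iv[:8]),
		lo: binary.BigEndian.Uint64(iv[8:16]),
	}
}

// add advances the counter by n blocks. bits.Add64 returns the carry out of
// the low word, which is added into the high word, so a counter whose low
// half is near 2^64 keeps counting correctly instead of wrapping within the
// low word only. This is the overflow case a fast path must not skip.
func (c ctrCounter) add(n uint64) ctrCounter {
	lo, carry := bits.Add64(c.lo, n, 0)
	hi, _ := bits.Add64(c.hi, 0, carry)
	return ctrCounter{hi: hi, lo: lo}
}

func (c ctrCounter) block() [blockSize]byte {
	var b [blockSize]byte
	binary.BigEndian.PutUint64(b[:8], c.hi)
	binary.BigEndian.PutUint64(b[8:], c.lo)
	return b
}

// XORKeyStreamAt XORs src into dst using the CTR keystream that starts at
// byte offset off of the stream defined by (block, iv). Nothing is kept
// between calls, so a caller can seek to any position in the stream.
func XORKeyStreamAt(block cipher.Block, iv []byte, off uint64, dst, src []byte) error {
	if block.BlockSize() != blockSize || len(iv) != blockSize {
		return errors.New("need a 16-byte block cipher and a 16-byte IV")
	}
	if len(dst) < len(src) {
		return errors.New("dst is shorter than src")
	}
	ctr := counterFromIV(iv).add(off / blockSize)
	skip := int(off % blockSize) // bytes of the first block already consumed
	var ks [blockSize]byte
	for i := 0; i < len(src); {
		cb := ctr.block()
		block.Encrypt(ks[:], cb[:])
		for j := skip; j < blockSize && i < len(src); j++ {
			dst[i] = src[i] ^ ks[j]
			i++
		}
		skip = 0
		ctr = ctr.add(1)
	}
	return nil
}

// MatchesStdCTR is the correctness check: encrypting plaintext[off:] at
// offset off with XORKeyStreamAt must equal the tail of a full stateful
// cipher.NewCTR encryption, including for IVs that carry into the high word.
func MatchesStdCTR(key, iv, plaintext []byte, off uint64) (bool, error) {
	if off > uint64(len(plaintext)) {
		return false, errors.New("offset beyond plaintext")
	}
	if len(iv) != blockSize {
		return false, errors.New("IV must be 16 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return false, err
	}
	want := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(want, plaintext)
	got := make([]byte, len(plaintext)-int(off))
	if err := XORKeyStreamAt(block, iv, off, got, plaintext[off:]); err != nil {
		return false, err
	}
	return bytes.Equal(got, want[off:]), nil
}

func main() {
	// Constructed demo values: the IV's low word is 2^64-1, so the counter
	// carries into the high word right after the first block.
	key := []byte("0123456789abcdef")
	iv := []byte{0, 0, 0, 0, 0, 0, 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
	pt := bytes.Repeat([]byte("x"), 100)
	ok, err := MatchesStdCTR(key, iv, pt, 21)
	fmt.Println(ok, err)
}
```

The offset-based interface is what makes the check cheap to write: every block's counter is derived from the IV and the offset alone, so a reviewer can compare any window of the stream against the stateful reference without replaying the prefix.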
|
|
CFB and OFB are mostly unused, and not a performance target.
Updates #39365
Updates #69445
Change-Id: Ice6441e4fee2112a9e72607c63e49dbc50441ba6
Reviewed-on: https://go-review.googlesource.com/c/go/+/621957
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
|
|
For #69536
Change-Id: Id0bb46fbb39c205ebc903e72e706bbbaaeec6dbd
Reviewed-on: https://go-review.googlesource.com/c/go/+/622275
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
The remaining capacity of dst should not overlap ciphertext.
The previous wording was probably a copy paste mistake from aead Seal.
Change-Id: Iaa28073f9ea90cbe2032c0c1149a78feab6c9239
GitHub-Last-Rev: fb54bc84c471648eb9d4c56492a8ff6d7db69b2b
GitHub-Pull-Request: golang/go#69108
Reviewed-on: https://go-review.googlesource.com/c/go/+/609075
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
All changes are related to the code, except for the comments in src/regexp/syntax/parse.go and src/slices/slices.go.
Change-Id: I73c5d3c54099749b62210aa7f3182c5eb84bb6a6
GitHub-Last-Rev: 794aa9b0539811d00e1cd42be1e8d9fe9afe0281
GitHub-Pull-Request: golang/go#69170
Reviewed-on: https://go-review.googlesource.com/c/go/+/609678
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
This CL creates tests for the cipher.AEAD interface in the new
cryptotest package. This set of tests is called from the tests of
implementations of the AEAD interface, such as the GCM blockmode.
Updates #25309
Change-Id: I7612fa6fb6c1505bdf1a2cd71180dd43dc50bf4a
Reviewed-on: https://go-review.googlesource.com/c/go/+/601778
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russell Webb <russell.webb@protonmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
|
|
This CL creates tests for the cipher.Stream interface in the new
cryptotest package. This set of tests is called from the tests of
implementations of the Stream interface e.g. ctr_test.go, ofb_test.go,
rc4_test.go, etc.
Updates #25309
Change-Id: I57204ef9f4c0ec09b94e88466deb03c6715e411d
Reviewed-on: https://go-review.googlesource.com/c/go/+/595564
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russell Webb <russell.webb@protonmail.com>
|
|
This CL creates tests for the cipher.BlockMode interface in the new
cryptotest package. This set of tests is called from the tests of
implementations of the BlockMode interface e.g. cbc_test.go
Updates #25309
Change-Id: I3685bbee24d08d66f5bb4b7f001cbf520c844881
Reviewed-on: https://go-review.googlesource.com/c/go/+/595120
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russell Webb <russell.webb@protonmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Updates #54097
Change-Id: I827a5efd1736ce057b76f079466f2d9ead225898
GitHub-Last-Rev: 40af10469d85ce9f4bef4b40025589d9e44f43d6
GitHub-Pull-Request: golang/go#67321
Reviewed-on: https://go-review.googlesource.com/c/go/+/585017
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
Auto-Submit: Keith Randall <khr@golang.org>
Commit-Queue: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Change-Id: I1df0685c75fc1044ba46003a69ecc7dfc53bbc2b
Reviewed-on: https://go-review.googlesource.com/c/go/+/574675
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
This reverts CL 525035.
Reason for revert: breaks many Google-internal tests (#63739), suspected miscompilation
Change-Id: I8cbebca0a187d12e16c405b2373c754e4a397ef4
Reviewed-on: https://go-review.googlesource.com/c/go/+/537598
Reviewed-by: Bryan Mills <bcmills@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Bryan Mills <bcmills@google.com>
|
|
The new noescape and nocallback directives can be used instead of the C
wrapper functions that are there just to avoid some parameters being
escaped to the heap.
This CL also helps demonstrate the use of the new directives in real
code.
I've added some benchmarks to demonstrate that this CL doesn't
introduce new heap allocations when using boringcrypto:
```
goos: linux
goarch: amd64
pkg: crypto/aes
cpu: AMD EPYC 7763 64-Core Processor
BenchmarkGCMSeal-32 8378692 143.3 ns/op 111.65 MB/s 0 B/op 0 allocs/op
BenchmarkGCMOpen-32 8383038 142.7 ns/op 112.11 MB/s 0 B/op 0 allocs/op
```
Change-Id: Ifd775484eb9a105afc5c3d4e75a6c6655cbadc53
Reviewed-on: https://go-review.googlesource.com/c/go/+/525035
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: Ifc669399dde7d6229c6ccdbe29611ed1f8698fb1
Reviewed-on: https://go-review.googlesource.com/c/go/+/534778
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: shuang cui <imcusg@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
This adds more variations for sizes of the input text
to the gcm tests.
Change-Id: I39dba5f08c77f04f94278200c3ce9234f977506f
Reviewed-on: https://go-review.googlesource.com/c/go/+/532635
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
Reviewed-by: Than McIntosh <thanm@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Change-Id: I92e110023739c6f8f7815c7e47ad7639c4e8812d
Reviewed-on: https://go-review.googlesource.com/c/go/+/435279
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: xie cui <523516579@qq.com>
|
|
Export cipher.xorBytes as subtle.XORBytes, for proposal #53021,
to provide fast XOR to cryptography libraries outside crypto/cipher.
Along with the move, implement the alignment check TODO
in xor_generic.go, so that systems with neither unaligned
accesses nor custom assembly can still XOR a word at a time
in word-based algorithms like GCM. This removes the need
for the separate cipher.xorWords.
Fixes #53021.
Change-Id: I58f80a922f1cff671b5ebc6168eb046e702b5a4c
Reviewed-on: https://go-review.googlesource.com/c/go/+/421435
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Alan Donovan <adonovan@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
This avoids an import conflict with crypto/subtle.
CL 424175 does the same for x/crypto.
Change-Id: Id4a319b3283b8affaaf769062388325b31fe1715
Reviewed-on: https://go-review.googlesource.com/c/go/+/424194
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Russ Cox <rsc@golang.org>
|
|
[This CL is part of a sequence implementing the proposal #51082.
The design doc is at https://go.dev/s/godocfmt-design.]
Run the updated gofmt, which reformats doc comments,
on the main repository. Vendored files are excluded.
For #51082.
Change-Id: I7332f099b60f716295fb34719c98c04eb1a85407
Reviewed-on: https://go-review.googlesource.com/c/go/+/384268
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
A run of lines that are indented with any number of spaces or tabs
format as a <pre> block. This commit fixes various doc comments
that format badly according to that (standard) rule.
For example, consider:
// - List item.
// Second line.
// - Another item.
Because the - lines are unindented, this is actually two paragraphs
separated by a one-line <pre> block. This CL rewrites it to:
// - List item.
// Second line.
// - Another item.
Today, that will format as a single <pre> block.
In a future release, we hope to format it as a bulleted list.
Various other minor fixes as well, all in preparation for reformatting.
For #51082.
Change-Id: I95cf06040d4186830e571cd50148be3bf8daf189
Reviewed-on: https://go-review.googlesource.com/c/go/+/384257
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
This adds an asm implementation of aes-cbc for ppc64le to
improve performance. This is ported from the
cryptogams implementation as are other functions in
crypto/aes with further description at the top of
the asm file.
Improvements on a power10:
name old time/op new time/op delta
AESCBCEncrypt1K 1.67µs ± 0% 0.87µs ±-48.15%
AESCBCDecrypt1K 1.35µs ± 0% 0.43µs ±-68.48%
name old speed new speed delta
AESCBCEncrypt1K 614MB/s ± 0% 1184MB/s ± 0%+92.84%
AESCBCDecrypt1K 757MB/s ± 0% 2403M/s ± 0 +217.21%
A fuzz test to compare the generic Go implementation
against the asm implementation has been added.
Change-Id: I18613dfc95c640820b8f1c60d29df638efc7a75c
Reviewed-on: https://go-review.googlesource.com/c/go/+/355429
Trust: Lynn Boger <laboger@linux.vnet.ibm.com>
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Paul Murphy <murp@ibm.com>
Trust: Paul Murphy <murp@ibm.com>
|
|
CL 344955 and CL 359476 removed almost all // +build lines, but left
some assembly files and generating scripts. Also, some files were added
with // +build lines after CL 359476 was merged. Remove these or rename
files where more appropriate.
For #41184
Change-Id: I7eb85a498ed9788b42a636e775f261d755504ffa
Reviewed-on: https://go-review.googlesource.com/c/go/+/361480
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
|
|
When these packages are released as part of Go 1.18,
Go 1.16 will no longer be supported, so we can remove
the +build tags in these files.
Ran go fix -fix=buildtag std cmd and then reverted the bootstrapDirs
as defined in src/cmd/dist/buildtool.go, which need to continue
to build with Go 1.4 for now.
Also reverted src/vendor and src/cmd/vendor, which will need
to be updated in their own repos first.
Manual changes in runtime/pprof/mprof_test.go to adjust line numbers.
For #41184.
Change-Id: Ic0f93f7091295b6abc76ed5cd6e6746e1280861e
Reviewed-on: https://go-review.googlesource.com/c/go/+/344955
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
|
|
Don't add them to files in vendor and cmd/vendor though. These will be
pulled in by updating the respective dependencies.
For #41184
Change-Id: Icc57458c9b3033c347124323f33084c85b224c70
Reviewed-on: https://go-review.googlesource.com/c/go/+/319389
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
|
|
It's useful to compare TLS AEADs. Here are the numbers on my MacBook
with an Intel(R) Core(TM) i7-7920HQ CPU @ 3.10GHz.
name speed
AESGCM/Open-128-64-8 692MB/s ± 2%
AESGCM/Seal-128-64-8 568MB/s ± 1%
AESGCM/Open-128-1350-8 3.96GB/s ± 1%
AESGCM/Seal-128-1350-8 3.17GB/s ± 4%
AESGCM/Open-128-8192-8 5.46GB/s ± 2%
AESGCM/Seal-128-8192-8 4.40GB/s ± 3%
name speed
AESGCM/Open-256-64-8 602MB/s ± 2%
AESGCM/Seal-256-64-8 508MB/s ± 1%
AESGCM/Open-256-1350-8 3.06GB/s ± 1%
AESGCM/Seal-256-1350-8 2.65GB/s ± 2%
AESGCM/Open-256-8192-8 4.02GB/s ± 3%
AESGCM/Seal-256-8192-8 3.53GB/s ± 2%
name speed
Chacha20Poly1305/Open-64-8 385MB/s ± 3%
Chacha20Poly1305/Seal-64-8 396MB/s ± 3%
Chacha20Poly1305/Open-1350-8 1.67GB/s ± 2%
Chacha20Poly1305/Seal-1350-8 1.62GB/s ± 1%
Chacha20Poly1305/Open-8192-8 2.04GB/s ± 2%
Chacha20Poly1305/Seal-8192-8 2.04GB/s ± 3%
Change-Id: I9373ab85bf132b45b41078205259100fa2d46dda
Reviewed-on: https://go-review.googlesource.com/c/go/+/314610
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Make all our package sources use Go 1.17 gofmt format
(adding //go:build lines).
Part of //go:build change (#41184).
See https://golang.org/design/draft-gobuild
Change-Id: Ia0534360e4957e58cd9a18429c39d0e32a6addb4
Reviewed-on: https://go-review.googlesource.com/c/go/+/294430
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
cpu: HiSilicon(R) Kirin 970 2.4GHz
name old time/op new time/op delta
XORBytes/8Bytes 39.8ns ± 0% 17.3ns ± 0% -56.53% (p=0.000 n=10+10)
XORBytes/128Bytes 376ns ± 0% 28ns ± 0% -92.63% (p=0.000 n=10+8)
XORBytes/2048Bytes 5.67µs ± 0% 0.22µs ± 0% -96.03% (p=0.000 n=10+10)
XORBytes/32768Bytes 90.3µs ± 0% 3.5µs ± 0% -96.12% (p=0.000 n=10+10)
AESGCMSeal1K 853ns ± 0% 853ns ± 0% ~ (all equal)
AESGCMOpen1K 876ns ± 0% 874ns ± 0% -0.23% (p=0.000 n=10+10)
AESGCMSign8K 3.09µs ± 0% 3.08µs ± 0% -0.34% (p=0.000 n=10+9)
AESGCMSeal8K 5.87µs ± 0% 5.87µs ± 0% +0.01% (p=0.008 n=10+8)
AESGCMOpen8K 5.82µs ± 0% 5.82µs ± 0% +0.02% (p=0.037 n=10+10)
AESCFBEncrypt1K 7.05µs ± 0% 4.27µs ± 0% -39.38% (p=0.000 n=10+10)
AESCFBDecrypt1K 7.12µs ± 0% 4.30µs ± 0% -39.54% (p=0.000 n=10+9)
AESCFBDecrypt8K 56.7µs ± 0% 34.1µs ± 0% -39.82% (p=0.000 n=10+10)
AESOFB1K 5.20µs ± 0% 2.54µs ± 0% -51.07% (p=0.000 n=10+10)
AESCTR1K 4.96µs ± 0% 2.30µs ± 0% -53.62% (p=0.000 n=9+10)
AESCTR8K 39.5µs ± 0% 18.2µs ± 0% -53.98% (p=0.000 n=8+10)
AESCBCEncrypt1K 5.81µs ± 0% 3.07µs ± 0% -47.13% (p=0.000 n=10+8)
AESCBCDecrypt1K 5.83µs ± 0% 3.10µs ± 0% -46.84% (p=0.000 n=10+8)
name old speed new speed delta
XORBytes/8Bytes 201MB/s ± 0% 461MB/s ± 0% +129.80% (p=0.000 n=6+10)
XORBytes/128Bytes 340MB/s ± 0% 4625MB/s ± 0% +1259.91% (p=0.000 n=8+10)
XORBytes/2048Bytes 361MB/s ± 0% 9088MB/s ± 0% +2414.23% (p=0.000 n=8+10)
XORBytes/32768Bytes 363MB/s ± 0% 9350MB/s ± 0% +2477.44% (p=0.000 n=10+10)
AESGCMSeal1K 1.20GB/s ± 0% 1.20GB/s ± 0% -0.02% (p=0.041 n=10+10)
AESGCMOpen1K 1.17GB/s ± 0% 1.17GB/s ± 0% +0.20% (p=0.000 n=10+10)
AESGCMSign8K 2.65GB/s ± 0% 2.66GB/s ± 0% +0.35% (p=0.000 n=10+9)
AESGCMSeal8K 1.40GB/s ± 0% 1.40GB/s ± 0% -0.01% (p=0.000 n=10+7)
AESGCMOpen8K 1.41GB/s ± 0% 1.41GB/s ± 0% -0.03% (p=0.022 n=10+10)
AESCFBEncrypt1K 145MB/s ± 0% 238MB/s ± 0% +64.95% (p=0.000 n=10+10)
AESCFBDecrypt1K 143MB/s ± 0% 237MB/s ± 0% +65.39% (p=0.000 n=10+9)
AESCFBDecrypt8K 144MB/s ± 0% 240MB/s ± 0% +66.15% (p=0.000 n=10+10)
AESOFB1K 196MB/s ± 0% 401MB/s ± 0% +104.35% (p=0.000 n=9+10)
AESCTR1K 205MB/s ± 0% 443MB/s ± 0% +115.57% (p=0.000 n=7+10)
AESCTR8K 207MB/s ± 0% 450MB/s ± 0% +117.27% (p=0.000 n=10+10)
AESCBCEncrypt1K 176MB/s ± 0% 334MB/s ± 0% +89.15% (p=0.000 n=10+8)
AESCBCDecrypt1K 176MB/s ± 0% 330MB/s ± 0% +88.08% (p=0.000 n=10+9)
Updates #42010
Change-Id: I75e6d66fd0070e184d93b020c55a7580c713647c
Reviewed-on: https://go-review.googlesource.com/c/go/+/142537
Reviewed-by: Meng Zhuo <mzh@golangcn.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Meng Zhuo <mzh@golangcn.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Meng Zhuo <mzh@golangcn.org>
|
|
Also fix typo in crypto/cipher/gcm_test.go.
Fixes #37118
Change-Id: I8544d1eeeb1f0336cebb977b8c5bfa5e4c5ad8c7
Reviewed-on: https://go-review.googlesource.com/c/go/+/218500
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
This improves the performance of xorBytesVSX in crypto/cipher by
unrolling the loop that does the stores. Improvement on power9:
name old time/op new time/op delta
XORBytes/8Bytes 17.9ns ± 0% 18.2ns ± 0% +1.53% (p=0.029 n=4+4)
XORBytes/128Bytes 24.4ns ± 0% 22.5ns ± 0% -7.79% (p=0.029 n=4+4)
XORBytes/2048Bytes 131ns ± 0% 109ns ± 0% -16.79% (p=0.029 n=4+4)
XORBytes/32768Bytes 1.74µs ± 0% 1.43µs ± 8% -18.04% (p=0.029 n=4+4)
Change-Id: I75bd625d3ae9daa7bda54c523028671ab036b13d
Reviewed-on: https://go-review.googlesource.com/c/go/+/197058
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Carlos Eduardo Seo <cseo@linux.vnet.ibm.com>
|