stupidgcm: detect AES-GCM acceleration like crypto/tls

Instead of just looking for AES, also look for PCLMULQDQ, like crypto/tls does. Fixes: #822
rfjakob · Jun 6, 2024 · f06f27e · f06f27e
1 parent da87308
commit f06f27e
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 13 deletions.
diff --git a/init_dir.go b/init_dir.go
@@ -68,9 +68,9 @@ func initDir(args *argContainer) {
 			tlog.Fatal.Printf("Invalid cipherdir: %v", err)
 			os.Exit(exitcodes.CipherDir)
 		}
-		if !args.xchacha && !stupidgcm.CpuHasAES() {
+		if !args.xchacha && !stupidgcm.HasAESGCMHardwareSupport() {
 			tlog.Info.Printf(tlog.ColorYellow +
-				"Notice: Your CPU does not have AES acceleration. Consider using -xchacha for better performance." +
+				"Notice: Your CPU does not have AES-GCM acceleration. Consider using -xchacha for better performance." +
 				tlog.ColorReset)
 		}
 	}

diff --git a/internal/speed/speed.go b/internal/speed/speed.go
@@ -31,9 +31,9 @@ func Run() {
 	if cpu == "" {
 		cpu = "unknown"
 	}
-	aes := "; no AES acceleration"
-	if stupidgcm.CpuHasAES() {
-		aes = "; with AES acceleration"
+	aes := "; no AES-GCM acceleration"
+	if stupidgcm.HasAESGCMHardwareSupport() {
+		aes = "; with AES-GCM acceleration"
 	}
 	fmt.Printf("cpu: %s%s\n", cpu, aes)
 

diff --git a/internal/stupidgcm/cipher_suites.go b/internal/stupidgcm/cipher_suites.go
@@ -0,0 +1,28 @@
+package stupidgcm
+
+import (
+	"runtime"
+
+	"golang.org/x/sys/cpu"
+)
+
+// ********
+// Carbon-copied from Go Stdlib
+// https://github.com/golang/go/blob/45967bb18e04fa6dc62c2786c87ce120443c64f6/src/crypto/tls/cipher_suites.go#L367
+// ********
+
+var (
+	hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
+	hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
+	// Keep in sync with crypto/aes/cipher_s390x.go.
+	hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR &&
+		(cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
+
+	hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 ||
+		runtime.GOARCH == "arm64" && hasGCMAsmARM64 ||
+		runtime.GOARCH == "s390x" && hasGCMAsmS390X
+)
+
+// ********
+// End carbon-copy
+// ********
diff --git a/internal/stupidgcm/prefer.go b/internal/stupidgcm/prefer.go
@@ -2,8 +2,6 @@ package stupidgcm
 
 import (
 	"runtime"
-
-	"golang.org/x/sys/cpu"
 )
 
 // PreferOpenSSLAES256GCM tells us if OpenSSL AES-256-GCM is faster than Go stdlib
@@ -22,7 +20,7 @@ func PreferOpenSSLAES256GCM() bool {
 		return false
 	}
 	// If the CPU has AES acceleration, Go stdlib is faster
-	if CpuHasAES() {
+	if HasAESGCMHardwareSupport() {
 		return false
 	}
 	// Otherwise OpenSSL is probably faster
@@ -44,13 +42,13 @@ func PreferOpenSSLXchacha20poly1305() bool {
 	return true
 }
 
-// CpuHasAES tells you if the CPU we are running has AES acceleration that is
-// usable by the Go crypto library.
-func CpuHasAES() bool {
-	// Safe to call on other architectures - will just read false.
-	if cpu.X86.HasAES || cpu.ARM64.HasAES {
+// HasAESGCMHardwareSupport tells you if the CPU we are running has AES-GCM
+// acceleration that is usable by the Go crypto library.
+func HasAESGCMHardwareSupport() bool {
+	if hasAESGCMHardwareSupport {
 		return true
 	}
+
 	// On the Apple M1, the CPU has AES acceleration, despite cpu.ARM64.HasAES
 	// reading false: https://github.com/rfjakob/gocryptfs/issues/556#issuecomment-848079309
 	if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" {