- 03 Apr, 2020 1 commit

Katie Hockman authored

Fixes golang/go#37784

Change-Id: I2fdaf96979390f3744ba8135da78107a15f5e9a8
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/226845
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 23 Mar, 2020 1 commit

Ross Kinsey authored

The existing code for decrypting OpenSSH-format keys only allows aes256-ctr, the current ssh-keygen default. However, the default encryption scheme was aes256-cbc until relatively recently, and some of these keys are still in use. Support for aes256-cbc has been added.

Fixes golang/go#37939

Change-Id: I3730347109c5dd18e4cbe61b48bbca9566ad61d2
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/224817
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 20 Mar, 2020 2 commits

Yannic Bonenberger authored

Change-Id: Ie2b79a1132b3d59e5bedc71cb5aa8d9aafeb8c68
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/224297
Reviewed-by: Ian Lance Taylor <iant@golang.org>

Katie Hockman authored

Change-Id: Ibd6ce156550615cb85c06e734641c34fca0cfcd0
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/220697
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 17 Mar, 2020 1 commit

Lucas Bremgartner authored

Fixes golang/go#37607

Change-Id: Iedf6522ec9b9a676ac51c054407a6aef894885f5
GitHub-Last-Rev: 8cb2460c59d2e32bc3f0480bcd7867a113361c67
GitHub-Pull-Request: golang/crypto#126
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/222078
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

- 11 Mar, 2020 1 commit

Bryan C. Mills authored

It is unclear whether unaligned reads should be allowed, or if they are even actually a good idea here. However, while we figure that out, we should un-break 'go test -race' for users of this package.

Updates golang/go#37644
Updates golang/go#37298
Updates golang/go#37715
Updates golang/go#34972
Updates golang/go#35128

Change-Id: I088f5703023e4f05ee274a6753e925973f12ac1b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/222855
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>

- 02 Mar, 2020 2 commits

Andrew Louis authored

Fixes golang/go#37340

Change-Id: I19c4f150b8607ad4a1613cf97ad3362f4b779d7c
GitHub-Last-Rev: 4215964b4a680b135301695ccd56cff88a8ffb26
GitHub-Pull-Request: golang/crypto#121
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/220343
Reviewed-by: Filippo Valsorda <filippo@golang.org>

Ian Lance Taylor authored

This requirement is from RFC 4880 4.2.2.4. Also simplify the partialLengthWriter loop. The old code worked but was written in a confusing way, with a loop whose terminating condition didn't make sense and was never true in practice. Rewrite it to more clearly do a set of partial writes of decreasing size.

Fixes golang/go#32474

Change-Id: Ia53ceb39a34f1d6f2ea7c60190d52948bb0db59b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/181121
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>

- 21 Feb, 2020 3 commits

Filippo Valsorda authored

appengine was only necessary for the legacy system based on Go 1.9, drop that. Add purego tags instead. Remove redundant architecture tags.

Change-Id: Ib1f65a4837511e63e08c1aa43163a79cfe868e0c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/215498
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

lukechampine authored

Fixes golang/go#35506

Change-Id: I5cfc6b4dc07ab368e370edaee11841c2c1377f82
GitHub-Last-Rev: 16147a1668a903532f2d3777b873ddad8f0f26f5
GitHub-Pull-Request: golang/crypto#108
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/206638
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

Katie Hockman authored

Change-Id: I71d62f95954a39c476bee55e22b6fcf96a196de1
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/214939
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 20 Feb, 2020 1 commit

Filippo Valsorda authored

An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can deliver them to any golang.org/x/crypto/ssh client.

This issue was discovered and reported by Alex Gaynor, Fish in a Barrel, and is tracked as CVE-2020-9283.

Change-Id: Ie25b78a0b0181fbbc8cc7de4f4e27d908777529c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/220357
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

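The size check that closes the panic described in this commit, as an added Go example that is not golang/crypto's own code: a minimal parser for an ssh-ed25519 public key blob in SSH wire format (string "ssh-ed25519", string key) that rejects a wrong-length key before crypto/ed25519, which panics on one, ever sees it. The function names are hypothetical and the inputs are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// readString pops one SSH wire-format string (uint32 big-endian length
// prefix, then that many bytes; RFC 4251 section 5) off the front of buf.
func readString(buf []byte) (s, rest []byte, err error) {
	if len(buf) < 4 || uint64(binary.BigEndian.Uint32(buf)) > uint64(len(buf)-4) {
		return nil, nil, errors.New("ssh: malformed string length")
	}
	n := binary.BigEndian.Uint32(buf)
	return buf[4 : 4+n], buf[4+n:], nil
}

// parseEd25519PublicKey decodes an ssh-ed25519 public key blob (string
// "ssh-ed25519", string key; RFC 8709) and rejects any key that is not
// ed25519.PublicKeySize bytes, the check whose absence is CVE-2020-9283:
// ed25519.Verify panics when handed a key of the wrong length.
func parseEd25519PublicKey(blob []byte) (ed25519.PublicKey, error) {
	algo, rest, err := readString(blob)
	if err != nil {
		return nil, err
	}
	if string(algo) != "ssh-ed25519" {
		return nil, fmt.Errorf("ssh: unexpected key type %q", algo)
	}
	key, rest, err := readString(rest)
	if err != nil {
		return nil, err
	}
	if l := len(key); l != ed25519.PublicKeySize {
		return nil, fmt.Errorf("ssh: invalid size %d for Ed25519 public key", l)
	}
	return ed25519.PublicKey(key), nil
}

// verifyWithBlob parses (and size-checks) the blob before verifying, so a
// malformed blob from a peer yields an error instead of a panic.
func verifyWithBlob(blob, msg, sig []byte) error {
	pub, err := parseEd25519PublicKey(blob)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sig) {
		return errors.New("ssh: signature did not verify")
	}
	return nil
}

// ed25519Blob builds an ssh-ed25519 blob from raw key bytes (constructed input).
func ed25519Blob(key []byte) []byte {
	var out []byte
	for _, s := range [][]byte{[]byte("ssh-ed25519"), key} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(s)))
		out = append(append(out, n[:]...), s...)
	}
	return out
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	msg := []byte("constructed message")
	sig := ed25519.Sign(priv, msg)
	fmt.Println("32-byte key:", verifyWithBlob(ed25519Blob(pub), msg, sig))
	// A 31-byte key models the crafted blob: rejected before ed25519.Verify.
	fmt.Println("31-byte key:", verifyWithBlob(ed25519Blob(pub[:31]), msg, sig))
}
```
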
- 19 Feb, 2020 1 commit

Katie Hockman authored

Change-Id: Ie60bdc10065018e193271b4f90f50298f1272396
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/218323
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 14 Feb, 2020 1 commit

Brad Fitzpatrick authored

Change-Id: Ie7f4848d7388811bdcf1937eab9d603de64d6e96
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/219220
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 10 Feb, 2020 2 commits

Jason Baker authored

CL 204177 broke autocert tests because they expected the old OID.

Fixes golang/go#37160

Change-Id: Id732d4d249bbe5107fa0a3ba4829012600d8a52d
GitHub-Last-Rev: 77e8d1ff0072866d8466c56885d01d3b91d5baef
GitHub-Pull-Request: golang/crypto#117
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/218941
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

Jason Baker authored

It looks like the source code has fallen out of date with the draft spec. The latest version https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05 has a different OID 1.3.6.1.5.5.7.1.31 assigned.

You can test that you're using the correct OID by performing a TLS-ALPN-01 challenge against a Pebble (https://github.com/letsencrypt/pebble) ACME server running with the -strict argument. This implementation will reject the obsolete OID.

Change-Id: I58c52eaed487949e9071d3b9772f7acfdcc91201
GitHub-Last-Rev: 4cacc0723c431a29aec77d4fb3320d91c66c1ff5
GitHub-Pull-Request: golang/crypto#91
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/204177
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Alex Vaghin <alex@cloudware.io>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 08 Feb, 2020 1 commit

Alex Brainman authored

CL 212377 changed the end-of-input character on Windows from \n to \r. But CL 212377 did not adjust ReadConsole accordingly. For example, after CL 212377 \n was still used to end password processing, and \r was ignored.

This CL swaps these rules: \r is now used to end password processing, and \n is ignored. The change only affects Windows; all non-Windows code should work as before.

This CL also adjusts TestReadPasswordLineEnd to fit the new rules.

Fixes golang/go#36609

Change-Id: I027bf80d10e7d4d4b17ff0264935d14b8bea9097
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/215417
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 07 Feb, 2020 1 commit

Mariano Cano authored

This adds support for parsing OpenSSH ECDSA private keys. It implements parsing for P-256, P-384, and P-521 keys.

Fixes golang/go#36722

Change-Id: I77c8e0a23ed6353f6667686cc79ec14661cb10db
GitHub-Last-Rev: 2324b920d080fc7ac35fbcf0a79e25161b6a7f82
GitHub-Pull-Request: golang/crypto#114
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/215540
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

- 06 Feb, 2020 1 commit

Katie Hockman authored

Change-Id: I501bcc2f4bd8107937756087d20e849e3a4bc182
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/214584
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 04 Feb, 2020 1 commit

Filippo Valsorda authored

Includes the bcrypt_pbkdf package by Dmitry Chestnykh, submitted with permission on his behalf under the CLA: https://go-review.googlesource.com/c/crypto/+/207600/2#message-6a035dd62ff76f6c9367299b911076a1be237fb8

Fixes golang/go#18692

Change-Id: I74e3ab355a8d720948d64d87adc009783a9d9732
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/207600
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>

- 28 Jan, 2020 1 commit

Filippo Valsorda authored

When int is 32 bits wide (on 32-bit architectures like 386 and arm), an overflow could occur, causing a panic, due to malformed ASN.1 being passed to any of the ASN1 methods of String.

Tested on linux/386 and darwin/amd64.

This fixes CVE-2020-7919 and was found thanks to the Project Wycheproof test vectors.

Change-Id: I8c9696a8bfad1b40ec877cd740dba3467d66ab54
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/645211
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/216677
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

- 17 Jan, 2020 1 commit

Katie Hockman authored

RFC 4800, Section 6 specifies that the CRC at the end of the armor is optional, so do not fail to decode signatures missing the CRC.

Credit: armor.go patch from engineer at Google

Change-Id: I39b04e0afaaafdf7aa86577fe4a35c50e7cf0b2b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/215022
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 15 Jan, 2020 1 commit

Yasuhiro Matsumoto authored

ReadConsole does not read more than 254 bytes when ENABLE_LINE_INPUT is enabled.

Fixes golang/go#36071

Change-Id: If5c160404b855387a80f1d57638aac3f2db1a097
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/212377
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>

- 09 Jan, 2020 1 commit

Filippo Valsorda authored

The ARM assembly uses the reserved G register. This started causing frequent crashes due to async preemption, but it was already broken in the presence of signals, including SIGPROF.

    name                            old speed      new speed      delta
    Chacha20Poly1305/Open-64        2.88MB/s ± 0%  1.85MB/s ± 0%  -35.76%  (p=0.008 n=6+7)
    Chacha20Poly1305/Seal-64        3.17MB/s ± 1%  1.97MB/s ± 0%  -37.78%  (p=0.000 n=10+8)
    Chacha20Poly1305/Open-64-X      2.41MB/s ± 0%  1.61MB/s ± 0%  -33.29%  (p=0.000 n=9+9)
    Chacha20Poly1305/Seal-64-X      2.55MB/s ± 0%  1.64MB/s ± 0%  -35.61%  (p=0.000 n=10+9)
    Chacha20Poly1305/Open-1350      8.43MB/s ± 0%  4.15MB/s ± 0%  -50.78%  (p=0.000 n=10+10)
    Chacha20Poly1305/Seal-1350      8.55MB/s ± 0%  4.18MB/s ± 0%  -51.12%  (p=0.000 n=9+9)
    Chacha20Poly1305/Open-1350-X    8.16MB/s ± 0%  4.06MB/s ± 0%  -50.18%  (p=0.000 n=10+10)
    Chacha20Poly1305/Seal-1350-X    8.24MB/s ± 1%  4.08MB/s ± 1%  -50.53%  (p=0.000 n=10+10)
    Chacha20Poly1305/Open-8192      9.73MB/s ± 1%  4.56MB/s ± 0%  -53.15%  (p=0.000 n=9+10)
    Chacha20Poly1305/Seal-8192      9.57MB/s ± 0%  4.52MB/s ± 0%  -52.77%  (p=0.000 n=9+9)
    Chacha20Poly1305/Open-8192-X    9.65MB/s ± 0%  4.54MB/s ± 0%  -52.95%  (p=0.000 n=10+7)
    Chacha20Poly1305/Seal-8192-X    9.47MB/s ± 1%  4.50MB/s ± 0%  -52.50%  (p=0.000 n=10+9)

Fixes golang/go#35511

Change-Id: I5e5ca3a0499f04c5fece5bc669a417e32d2656c6
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/213880
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Cherry Zhang <cherryyz@google.com>

- 08 Jan, 2020 1 commit

Michael Munday authored

An illegal instruction would occur due to a bug in the way input slices were rounded down in size to a multiple of the rate for a given hash type. This would only occur when the Write function was called with more than ~3KiB of data and the length of the data was not a multiple of the rate.

Fixes golang/go#36459.

Change-Id: I621ef8d75602bcd59bb44491e17f721050001e6d
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/213857
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Michael Munday <mike.munday@ibm.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

- 27 Dec, 2019 1 commit

Katie Hockman authored

Fixes golang/go#36164

Change-Id: I4248cb3e25346f6859c473b729811b36ac6cf872
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/212625
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 19 Dec, 2019 1 commit

Ben Toews authored

This adds SealAnonymous and OpenAnonymous functions that implement the libsodium "sealed box" functionality.

Fixes golang/go#35346

Change-Id: I22455f1b83595ec8a68d1861e635bd6cb0573f44
GitHub-Last-Rev: 7d334cf861942ec63ad613b7f28fb6dd7a1f9992
GitHub-Pull-Request: golang/crypto#107
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/205241
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

- 06 Dec, 2019 1 commit

Katie Hockman authored

https://github.com/google/wycheproof provides test vectors exposing vulnerabilities in crypto packages. This change creates a new package called internal/wycheproof that runs these Wycheproof tests against a number of packages in the standard library (and in the future, x/crypto).

Directory structure:
- internal/wycheproof/internal/ecdsa: internal version of ecdsa package which includes a new function that verifies ASN encoded signatures directly
- internal/wycheproof/internal/dsa: internal version of dsa package which includes a new function that verifies ASN encoded signatures directly
- internal/wycheproof: all tests

internal/wycheproof/wycheproof_test.go provides utility functions that are common to many tests in the package, and contains the TestMain which fetches github.com/google/wycheproof from the source.

This change includes tests for signature verification with dsa, ecdsa, eddsa, and rsa (both PKCS#1 v1.5 and PSS signatures).

Note that these tests download testdata from github.com/google/wycheproof by running `go mod download` in the TestMain. This means that internet access will be necessary in order to run these tests if the testdata is not already in your module cache.

More tests will be added incrementally.

Change-Id: I0378d4be24b5679fdc186e9fc94c1cc0068e81f7
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/209221
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 05 Dec, 2019 2 commits

edef authored

Previously, an ECDSA crypto.Signer would have been expected to return a signature in RFC7518 format, which violates crypto.Signer's interface contract.

Fixes golang/go#35829

Change-Id: Id0cc2d9296cfb9f89925ab9ac02e12d68eec734b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/209537
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

Filippo Valsorda authored

The behavior of ParsePrivateKeyWithPassphrase when the key is unencrypted is unspecified. Currently, it just parses them like ParsePrivateKey, which is unlikely to be what anyone wants: for us to ignore a passphrase that they explicitly passed. It also makes the implementation of encrypted OpenSSH keys in the next CL more confused.

Instead, make ParsePrivateKey return a PassphraseNeededError, so the application logic can be ParsePrivateKey -> detect encrypted key -> obtain passphrase -> ParsePrivateKeyWithPassphrase. That error will also let us return the public key for OpenSSH keys.

Change-Id: Ife4fb2499ae538bef36e353adf9bc8e902662386
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/207599
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>

- 02 Dec, 2019 1 commit

Sebastian Kinne authored

This adds server-side support for the newly introduced OpenSSH keytypes sk-ecdsa-sha2-nistp256@openssh.com and sk-ed25519@openssh.com (including their corresponding certificates), which are backed by U2F/FIDO2 tokens.

Change-Id: I53d5ed3d0457ae4758ee986055e187ee5787a2d1
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/208017
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

- 28 Nov, 2019 1 commit

Fazlul Shahriar authored

First, modify the test to report a better error by waiting for the Marshal+Write goroutine to finish before returning from the test. If we return too early, a failure inside that goroutine can generate a panic.

Second, we work around plan9 not returning the actual number of bytes written on the connection in case of a hangup (due to closed connection). I've verified that syscall.Pwrite returns -1 on hangup in this particular case even when some data did get written.

Fixes golang/go#35888

Change-Id: I7998cff926295f0d577b125c137021a9adc1be5a
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/209298
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

- 22 Nov, 2019 1 commit

Filippo Valsorda authored

Since there is no ClientAgent identifier, ExampleClientAgent wasn't displayed as an example by godoc.

Change-Id: Ied8df7d8412c4aa483d42315986af49ba8fdbcef
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/208480
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

- 19 Nov, 2019 1 commit

Bryan C. Mills authored

Certain environment variables can influence the behavior of ssh-agent, causing the test to fail. Avoid that influence by using a consistent environment.

This fixes a locally-observed test failure for me.

Change-Id: I0f5e8d643199519f88e80825335ee8e6eb08e3af
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/207901
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>

- 17 Nov, 2019 1 commit

Lars Lehtonen authored

Adds an error channel to the test helper function testPortForward() to collect errors that happen inside a goroutine.

Change-Id: I6db1d24b935fdfad637c971581ae80beaebd8a1f
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/207462
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

- 12 Nov, 2019 1 commit

Katie Hockman authored

If the mod inverse of the private key's P value does not exist, return an error in Decrypt rather than panic.

Change-Id: Ia075a60108863b14ba98bb62364a17131423b819
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/573976
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/205502
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

- 11 Nov, 2019 4 commits

Filippo Valsorda authored

Simply add the NonceSizeX constant, and accept 24-byte nonces in NewUnauthenticatedCipher. Based on draft-irtf-cfrg-xchacha-01 and libsodium's implementation.

Fixes golang/go#24485

Change-Id: I551c8ace258bd54b95bb204c8bb34bccd1c4b615
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/185991
Reviewed-by: Michael Munday <mike.munday@ibm.com>

Filippo Valsorda authored

    const KeySize = 32
    const NonceSize = 12
    func HChaCha20(key, nonce []byte) ([]byte, error)
    type Cipher struct {}
    func NewUnauthenticatedCipher(key, nonce []byte) (*Cipher, error)
    func (s *Cipher) XORKeyStream(dst, src []byte)

Small performance hit in chacha20poly1305, probably due to the loss of the Advance API, which we might consider adding later. No new allocations, thanks to the mid-stack inliner.

    name                              old time/op  new time/op  delta
    Chacha20Poly1305/Open-64-8        1.60µs ± 0%  1.68µs ± 1%  +4.94%  (p=0.000 n=9+10)
    Chacha20Poly1305/Seal-64-8        1.56µs ± 0%  1.64µs ± 1%  +5.21%  (p=0.000 n=8+10)
    Chacha20Poly1305/Open-64-X-8      2.10µs ± 1%  2.22µs ± 1%  +5.81%  (p=0.000 n=10+10)
    Chacha20Poly1305/Seal-64-X-8      2.07µs ± 1%  2.17µs ± 0%  +4.88%  (p=0.000 n=10+10)
    Chacha20Poly1305/Open-1350-8      15.4µs ± 0%  15.7µs ± 1%  +1.65%  (p=0.000 n=10+10)
    Chacha20Poly1305/Seal-1350-8      15.6µs ± 2%  15.9µs ± 1%  +1.58%  (p=0.028 n=10+9)
    Chacha20Poly1305/Open-1350-X-8    16.0µs ± 1%  16.3µs ± 2%  +2.00%  (p=0.000 n=10+10)
    Chacha20Poly1305/Seal-1350-X-8    15.9µs ± 0%  16.3µs ± 1%  +1.91%  (p=0.000 n=10+8)
    Chacha20Poly1305/Open-8192-8      85.6µs ± 0%  86.6µs ± 1%  +1.21%  (p=0.000 n=10+10)
    Chacha20Poly1305/Seal-8192-8      85.7µs ± 0%  86.3µs ± 0%  +0.68%  (p=0.001 n=9+9)
    Chacha20Poly1305/Open-8192-X-8    86.4µs ± 1%  87.1µs ± 1%  +0.76%  (p=0.035 n=10+9)
    Chacha20Poly1305/Seal-8192-X-8    86.0µs ± 0%  87.0µs ± 1%  +1.14%  (p=0.000 n=9+9)

Updates golang/go#24485

Change-Id: I2ec2ef487a03f013049915d9063751c75a78408b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/185980
Reviewed-by: Michael Munday <mike.munday@ibm.com>

Filippo Valsorda authored

    name                old speed     new speed     delta
    ChaCha20/64-4       428MB/s ± 1%  432MB/s ± 1%    ~     (p=0.089 n=10+10)
    ChaCha20/256-4      497MB/s ± 1%  507MB/s ± 2%  +1.94%  (p=0.000 n=9+10)
    ChaCha20/10x25-4    273MB/s ± 1%  285MB/s ± 3%  +4.37%  (p=0.000 n=10+10)
    ChaCha20/4096-4     495MB/s ± 1%  508MB/s ± 1%  +2.51%  (p=0.000 n=8+10)
    ChaCha20/100x40-4   407MB/s ± 1%  439MB/s ± 1%  +7.92%  (p=0.000 n=9+9)
    ChaCha20/65536-4    521MB/s ± 2%  537MB/s ± 1%  +3.00%  (p=0.000 n=10+10)
    ChaCha20/1000x65-4  498MB/s ± 2%  521MB/s ± 2%  +4.70%  (p=0.000 n=10+10)

Curiously, even if we omit the critical s.precompDone = true step, we see a significant performance improvement across the board, maybe due to reduced register pressure. (See below. Actually using the precomputed values only impacts the 10x25, 100x40 and 1000x65 benchmarks, as expected.)

    name                old speed     new speed     delta
    ChaCha20/64-4       428MB/s ± 1%  428MB/s ± 1%    ~     (p=0.912 n=10+10)
    ChaCha20/256-4      497MB/s ± 1%  510MB/s ± 1%  +2.64%  (p=0.000 n=9+10)
    ChaCha20/10x25-4    273MB/s ± 1%  277MB/s ± 2%  +1.36%  (p=0.003 n=10+10)
    ChaCha20/4096-4     495MB/s ± 1%  507MB/s ± 2%  +2.28%  (p=0.000 n=8+10)
    ChaCha20/100x40-4   407MB/s ± 1%  418MB/s ± 1%  +2.69%  (p=0.000 n=9+10)
    ChaCha20/65536-4    521MB/s ± 2%  536MB/s ± 1%  +2.76%  (p=0.000 n=10+8)
    ChaCha20/1000x65-4  498MB/s ± 2%  519MB/s ± 1%  +4.15%  (p=0.000 n=10+9)

Updates golang/go#24485

Change-Id: I117fab938787819aae1cc4371354888701e4e54b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/185440
Reviewed-by: Michael Munday <mike.munday@ibm.com>

Filippo Valsorda authored

Separated the complex buffering logic from key stream generation more clearly, added plenty of comments and generally refactored the Go implementation for readability.

Made the interface with the generic/assembly cores smaller and more consistent, according to golang.org/wiki/TargetSpecific.

We will recover the lost performance on unaligned calls by caching 3/4 of the first round across XORKeyStream invocations, which we now have complexity budget for.

    name                old speed     new speed     delta
    ChaCha20/64-4       435MB/s ± 2%  429MB/s ± 2%  -1.47%  (p=0.013 n=10+9)
    ChaCha20/256-4      496MB/s ± 1%  493MB/s ± 2%    ~     (p=0.280 n=10+10)
    ChaCha20/10x25-4    283MB/s ± 1%  274MB/s ± 2%  -3.13%  (p=0.000 n=10+10)
    ChaCha20/4096-4     494MB/s ± 1%  493MB/s ± 5%    ~     (p=0.631 n=10+10)
    ChaCha20/100x40-4   421MB/s ± 3%  408MB/s ± 1%  -3.14%  (p=0.003 n=9+9)
    ChaCha20/65536-4    515MB/s ± 1%  519MB/s ± 3%    ~     (p=0.161 n=7+10)
    ChaCha20/1000x65-4  501MB/s ± 2%  501MB/s ± 3%    ~     (p=0.497 n=9+10)

Also applied a fix for a lingering bug in the ppc64le assembly written by Lynn Boger <laboger@linux.vnet.ibm.com>.

Updates golang/go#24485

Change-Id: I10cf24a7f10359b1b4ae63c9bb1946735b98ac9b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/185439
Reviewed-by: Michael Munday <mike.munday@ibm.com>