Commit b2a198ce authored by Han-Wen Nienhuys's avatar Han-Wen Nienhuys Committed by Adam Langley

crypto/cipher: speed up gcmInc32.

The counter is not secret, so the code does not need to be
constant time.

benchmark                    old MB/s     new MB/s  speedup
BenchmarkAESGCMSeal1K           89.90        92.84    1.03x
BenchmarkAESGCMOpen1K           89.16        92.30    1.04x

R=agl
CC=golang-dev
https://golang.org/cl/40690046
parent 5ad5b7a5
...@@ -258,11 +258,11 @@ func (g *gcm) update(y *gcmFieldElement, data []byte) { ...@@ -258,11 +258,11 @@ func (g *gcm) update(y *gcmFieldElement, data []byte) {
// gcmInc32 treats the final four bytes of counterBlock as a big-endian value // gcmInc32 treats the final four bytes of counterBlock as a big-endian value
// and increments it. // and increments it.
func gcmInc32(counterBlock *[16]byte) { func gcmInc32(counterBlock *[16]byte) {
c := 1
for i := gcmBlockSize - 1; i >= gcmBlockSize-4; i-- { for i := gcmBlockSize - 1; i >= gcmBlockSize-4; i-- {
c += int(counterBlock[i]) counterBlock[i]++
counterBlock[i] = byte(c) if counterBlock[i] != 0 {
c >>= 8 break
}
} }
} }
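Review bot: The early `break` in gcmInc32's loop makes the increment's running time depend on the counter value, and the reason this is acceptable appears only in the commit message, not in the code. In a file where other routines presumably must stay constant time, I would put it above the loop, e.g. `// The counter block is public, so stopping at the first byte that does not wrap leaks nothing secret.` The doc comment could also state that the 32-bit value wraps to zero without any signal, e.g. `// The increment is modulo 2^32; callers must bound the message length so the counter never repeats under one nonce.` Whether Seal and Open enforce that bound is not visible in this hunk, so it should be confirmed against the callers.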