chacha20: improve generic implementation performance

Some small changes to improve computation throughput of noasm chacha20 by between 4-11%.

name                 old time/op   new time/op   delta
ChaCha20/64-12         142ns ± 1%    132ns ± 1%   -7.09%  (p=0.000 n=20+20)
ChaCha20/256-12        485ns ± 1%    441ns ± 1%   -9.08%  (p=0.000 n=20+20)
ChaCha20/10x25-12      822ns ± 1%    785ns ± 1%   -4.42%  (p=0.000 n=20+20)
ChaCha20/4096-12       484ns ± 1%    442ns ± 1%   -8.80%  (p=0.000 n=20+19)
ChaCha20/100x40-12    8.65µs ± 1%   8.08µs ± 1%   -6.54%  (p=0.000 n=19+20)
ChaCha20/65536-12      118µs ± 1%    106µs ± 1%  -10.04%  (p=0.000 n=19+20)
ChaCha20/1000x65-12    120µs ± 1%    108µs ± 0%   -9.84%  (p=0.000 n=19+19)

name                 old speed     new speed     delta
ChaCha20/64-12       450MB/s ± 1%  484MB/s ± 1%   +7.61%  (p=0.000 n=19+19)
ChaCha20/256-12      527MB/s ± 1%  580MB/s ± 1%  +10.03%  (p=0.000 n=20+20)
ChaCha20/10x25-12    304MB/s ± 1%  318MB/s ± 1%   +4.62%  (p=0.000 n=20+20)
ChaCha20/4096-12     529MB/s ± 1%  580MB/s ± 1%   +9.70%  (p=0.000 n=19+20)
ChaCha20/100x40-12   463MB/s ± 1%  495MB/s ± 1%   +7.00%  (p=0.000 n=19+20)
ChaCha20/65536-12    556MB/s ± 1%  618MB/s ± 1%  +11.16%  (p=0.000 n=19+20)
ChaCha20/1000x65-12  542MB/s ± 1%  602MB/s ± 0%  +10.92%  (p=0.000 n=19+19)

Redundant bound checks on loading key and nonce as uint32s in newUnauthenticatedCipher
are eliminated.

In the main block loop, two changes were made:
1. Specialise the xor function to addXor, so the final block state variables don't need to be
separately incremented by the initial block state before XORing with the input block.
2. Change the loop condition to be bound by len(src) >=64 and len(dst) >= 64.
This eliminates all bound checks later in the load-xor-store stage.
As a result, src and dst are resliced in-place after each block.

Change-Id: Ic3165a556bf7cb2d71349d534cdd21d06d9a7a2c
GitHub-Last-Rev: b3b1a185004c551919a8984547a5bac0283919a1
GitHub-Pull-Request: golang/crypto#131
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/228618
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
2 files changed
tree: c3d9a234c841dd434fc6000aabe118cc9a159608
  1. acme/
  2. argon2/
  3. bcrypt/
  4. blake2b/
  5. blake2s/
  6. blowfish/
  7. bn256/
  8. cast5/
  9. chacha20/
  10. chacha20poly1305/
  11. cryptobyte/
  12. curve25519/
  13. ed25519/
  14. hkdf/
  15. internal/
  16. md4/
  17. nacl/
  18. ocsp/
  19. openpgp/
  20. otr/
  21. pbkdf2/
  22. pkcs12/
  23. poly1305/
  24. ripemd160/
  25. salsa20/
  26. scrypt/
  27. sha3/
  28. ssh/
  29. tea/
  30. twofish/
  31. xtea/
  32. xts/
  33. .gitattributes
  34. .gitignore
  35. AUTHORS
  36. codereview.cfg
  37. CONTRIBUTING.md
  38. CONTRIBUTORS
  39. go.mod
  40. go.sum
  41. LICENSE
  42. PATENTS
  43. README.md
README.md

Go Cryptography

This repository holds supplementary Go cryptography libraries.

Download/Install

The easiest way to install is to run go get -u golang.org/x/crypto/.... You can also manually git clone the repository to $GOPATH/src/golang.org/x/crypto.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the crypto repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.