authorJussi Kivilinna <[email protected]>2022-02-08 16:31:54 +0000
committerWerner Koch <[email protected]>2022-02-24 13:14:48 +0000
commit9116fd1e9a2da9c83f94acfe41fb6e5c6f03e8d1 (patch)
tree0ca2fbc9f5b4f93b912d2857128e5c78b9ec3424
parentscd:p15: Used extended mode already for RSA 2048 (diff)
downloadgnupg-9116fd1e9a2da9c83f94acfe41fb6e5c6f03e8d1.tar.gz
gnupg-9116fd1e9a2da9c83f94acfe41fb6e5c6f03e8d1.zip
g10: Avoid extra hash contexts when decrypting MDC input
* g10/mainproc.c (mainproc_context): New member 'seen_pkt_encrypted_mdc'. (release_list): Clear 'seen_pkt_encrypted_mdc'. (proc_encrypted): Set 'seen_pkt_encrypted_mdc'. (have_seen_pkt_encrypted_aead): Rename to... (have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for 'seen_pkt_encrypted_mdc'. (proc_plaintext): Do not enable extra hash contexts when decrypting MDC input. -- Avoiding extra hash contexts speeds up CFB/MDC decryption quite a lot. For example, decrypting symmetric-key AES-256 encrypted 4 GiB file from RAM to /dev/null sees ~3.4x speed increase on AMD Ryzen 5800X: AES256.CFB encryption: 783 MB/s AES256.CFB decryption: 386 MB/s (before) AES256.CFB decryption: 1.3 GB/s (after patch) Note, AEAD is still significantly faster: AES256.OCB encryption: 2.2 GB/s AES256.OCB decryption: 3.0 GB/s GnuPG-bug-id: T5820 Signed-off-by: Jussi Kivilinna <[email protected]> (cherry picked from commit ab177eed514f7f3432d78e7e6521ad24cc0f4762) Even 2.2 with the older Libgcrypt 1.8 gets a threefold speedup; see https://dev.gnupg.org/T5820#155447 (AES-128 vs. AES-256 does not make a substantial difference) Signed-off-by: Werner Koch <[email protected]>
-rw-r--r--g10/mainproc.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c
index b032afb8b..871403ad7 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -98,6 +98,7 @@ struct mainproc_context
ulong symkeys; /* Number of symmetrically encrypted session keys. */
struct kidlist_item *pkenc_list; /* List of encryption packets. */
int seen_pkt_encrypted_aead; /* PKT_ENCRYPTED_AEAD packet seen. */
+ int seen_pkt_encrypted_mdc; /* PKT_ENCRYPTED_MDC packet seen. */
struct {
unsigned int sig_seen:1; /* Set to true if a signature packet
has been seen. */
@@ -147,6 +148,7 @@ release_list( CTX c )
c->any.uncompress_failed = 0;
c->last_was_session_key = 0;
c->seen_pkt_encrypted_aead = 0;
+ c->seen_pkt_encrypted_mdc = 0;
xfree (c->dek);
c->dek = NULL;
}
@@ -639,6 +641,8 @@ proc_encrypted (CTX c, PACKET *pkt)
if (pkt->pkttype == PKT_ENCRYPTED_AEAD)
c->seen_pkt_encrypted_aead = 1;
+ if (pkt->pkttype == PKT_ENCRYPTED_MDC)
+ c->seen_pkt_encrypted_mdc = 1;
if (early_plaintext)
{
@@ -864,7 +868,7 @@ proc_encrypted (CTX c, PACKET *pkt)
static int
-have_seen_pkt_encrypted_aead( CTX c )
+have_seen_pkt_encrypted_aead_or_mdc( CTX c )
{
CTX cc;
@@ -872,6 +876,8 @@ have_seen_pkt_encrypted_aead( CTX c )
{
if (cc->seen_pkt_encrypted_aead)
return 1;
+ if (cc->seen_pkt_encrypted_mdc)
+ return 1;
}
return 0;
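Review bot: The two consecutive early returns in the loop body are one condition written twice; a single test reads more naturally and keeps the two flags visibly paired: `if (cc->seen_pkt_encrypted_aead || cc->seen_pkt_encrypted_mdc) return 1;`. The renamed function also still carries no comment; a one-liner above it such as `/* Return true if this context or any enclosing one has seen an AEAD or MDC encrypted packet. */` would help, hedged as "enclosing" since the loop header that advances `cc` is outside the hunk. The function's loop starts in the previous hunk and its body is otherwise unchanged.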
@@ -953,7 +959,7 @@ proc_plaintext( CTX c, PACKET *pkt )
}
}
- if (!any && !opt.skip_verify && !have_seen_pkt_encrypted_aead(c))
+ if (!any && !opt.skip_verify && !have_seen_pkt_encrypted_aead_or_mdc(c))
{
/* This is for the old GPG LITERAL+SIG case. It's not legal
according to 2440, so hopefully it won't come up that often.
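Review bot: The comment under the changed condition still describes only the "old GPG LITERAL+SIG case" and says nothing about why AEAD or MDC input is now excluded, so a reader of the new line has to reconstruct the rationale from the commit message. I would extend the comment with something like `/* Not needed for AEAD/MDC input: the implementations that emitted LITERAL+SIG without a one-pass packet predate MDC, and enabling RMD160/SHA1 contexts on every byte is costly for large inputs (T5820). */`. It would also be worth stating the consequence explicitly, that a legacy-form signature found inside an MDC container will have no enabled hash context to verify against rather than being verified, assuming that is the intended outcome, since it mirrors what the earlier AEAD exclusion already did. proc_plaintext begins and ends outside this hunk.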