crypto/cipher: speed up gcmInc32.
authorHan-Wen Nienhuys <hanwen@google.com>
Thu, 12 Dec 2013 16:25:17 +0000 (11:25 -0500)
committerAdam Langley <agl@golang.org>
Thu, 12 Dec 2013 16:25:17 +0000 (11:25 -0500)
The counter is not secret, so the code does not need to be
constant time.

benchmark                    old MB/s     new MB/s  speedup
BenchmarkAESGCMSeal1K           89.90        92.84    1.03x
BenchmarkAESGCMOpen1K           89.16        92.30    1.04x

R=agl
CC=golang-dev
https://golang.org/cl/40690046

src/pkg/crypto/cipher/gcm.go

index 122cd41ca20ae82c1bd26eb72bc3597ce9b8f4d9..2f748f02f7ca8a4498d98633cb464d2819c836bf 100644 (file)
@@ -258,11 +258,11 @@ func (g *gcm) update(y *gcmFieldElement, data []byte) {
 // gcmInc32 treats the final four bytes of counterBlock as a big-endian value
 // and increments it.
 func gcmInc32(counterBlock *[16]byte) {
-       c := 1
        for i := gcmBlockSize - 1; i >= gcmBlockSize-4; i-- {
-               c += int(counterBlock[i])
-               counterBlock[i] = byte(c)
-               c >>= 8
+               counterBlock[i]++
+               if counterBlock[i] != 0 {
+                       break
+               }
        }
 }
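Review bot: The doc comment above gcmInc32 does not record why a data-dependent early exit is acceptable in a crypto package, and the rationale in the commit message will not be visible to a reader of gcm.go; a maintainer seeing the `break` could reasonably flag it as a timing side channel. I would add a line to the comment, `// The counter is not secret, so the data-dependent early exit is not a timing concern.`, so the intent survives in the source. The rewrite is behaviour-preserving: incrementing from the last byte and stopping at the first byte that does not wrap to zero yields the same big-endian 32-bit increment as the old carry loop, including the silent wrap to zero when all four bytes are 0xFF. Whether callers bound the number of blocks so that the counter never wraps (and a keystream block repeats) is not visible in this hunk, so a note such as `// Callers must ensure the 32-bit counter never wraps within one nonce.` would document the contract this function relies on.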