From: Han-Wen Nienhuys <hanwen@google.com>
Date: Thu, 12 Dec 2013 16:25:17 +0000 (-0500)
Subject: crypto/cipher: speed up gcmInc32.
X-Git-Tag: go1.3beta1~1257
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=b2a198ce39569687e277f794f189299c530a0021;p=gostls13.git

crypto/cipher: speed up gcmInc32.

The counter is not secret, so the code does not need to be
constant time.

benchmark                    old MB/s     new MB/s  speedup
BenchmarkAESGCMSeal1K           89.90        92.84    1.03x
BenchmarkAESGCMOpen1K           89.16        92.30    1.04x

R=agl
CC=golang-dev
https://golang.org/cl/40690046
---

diff --git a/src/pkg/crypto/cipher/gcm.go b/src/pkg/crypto/cipher/gcm.go
index 122cd41ca2..2f748f02f7 100644
--- a/src/pkg/crypto/cipher/gcm.go
+++ b/src/pkg/crypto/cipher/gcm.go
@@ -258,11 +258,11 @@ func (g *gcm) update(y *gcmFieldElement, data []byte) {
 // gcmInc32 treats the final four bytes of counterBlock as a big-endian value
 // and increments it.
 func gcmInc32(counterBlock *[16]byte) {
-	c := 1
 	for i := gcmBlockSize - 1; i >= gcmBlockSize-4; i-- {
-		c += int(counterBlock[i])
-		counterBlock[i] = byte(c)
-		c >>= 8
+		counterBlock[i]++
+		if counterBlock[i] != 0 {
+			break
+		}
 	}
 }