From 37385fcd836bcc086b56b8dc7089d5038c203f13 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 15 Sep 2012 06:01:11 +0200 Subject: Rework some parts of the AES128-GCM method These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily. --- src/fastd.c | 44 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) (limited to 'src/fastd.c') diff --git a/src/fastd.c b/src/fastd.c index dadcd17..3bbf30f 100644 --- a/src/fastd.c +++ b/src/fastd.c @@ -264,7 +264,7 @@ static size_t methods_min_encrypt_head_space(fastd_context *ctx) { ret = s; } - return ret; + return ALIGN(ret, 8); } static size_t methods_min_decrypt_head_space(fastd_context *ctx) { @@ -280,6 +280,38 @@ static size_t methods_min_decrypt_head_space(fastd_context *ctx) { ret = s; } + return ALIGN(ret, 8); +} + +static size_t methods_min_encrypt_tail_space(fastd_context *ctx) { + size_t ret = ctx->conf->methods[0]->min_encrypt_tail_space(ctx); + + int i; + for (i = 0; i < MAX_METHODS; i++) { + if (!ctx->conf->methods[i]) + break; + + size_t s = ctx->conf->methods[i]->min_encrypt_tail_space(ctx); + if (s > ret) + ret = s; + } + + return ret; +} + +static size_t methods_min_decrypt_tail_space(fastd_context *ctx) { + size_t ret = ctx->conf->methods[0]->min_decrypt_tail_space(ctx); + + int i; + for (i = 0; i < MAX_METHODS; i++) { + if (!ctx->conf->methods[i]) + break; + + size_t s = ctx->conf->methods[i]->min_decrypt_tail_space(ctx); + if (s > ret) + ret = s; + } + return ret; } @@ -360,7 +392,7 @@ void fastd_handle_receive(fastd_context *ctx, fastd_peer *peer, fastd_buffer buf fastd_peer *dest_peer; for (dest_peer = ctx->peers; dest_peer; dest_peer = dest_peer->next) { if (dest_peer != peer && fastd_peer_is_established(dest_peer)) { - fastd_buffer send_buffer = fastd_buffer_alloc(buffer.len, methods_min_encrypt_head_space(ctx), 0); + fastd_buffer send_buffer = fastd_buffer_alloc(buffer.len, methods_min_encrypt_head_space(ctx), methods_min_encrypt_tail_space(ctx)); memcpy(send_buffer.data, buffer.data, buffer.len); ctx->conf->protocol->send(ctx, dest_peer, send_buffer); } @@ -479,7 +511,7 @@ static void handle_tasks(fastd_context *ctx) { case TASK_KEEPALIVE: pr_debug(ctx, "sending keepalive to %P", task->peer); - ctx->conf->protocol->send(ctx, task->peer, fastd_buffer_alloc(0, methods_min_encrypt_head_space(ctx), 0)); + ctx->conf->protocol->send(ctx, task->peer, fastd_buffer_alloc(0, methods_min_encrypt_head_space(ctx), methods_min_encrypt_tail_space(ctx))); break; default: @@ -492,7 +524,7 @@ static void handle_tasks(fastd_context *ctx) { static void handle_tun(fastd_context *ctx) { size_t max_len = fastd_max_packet_size(ctx); - fastd_buffer buffer = fastd_buffer_alloc(max_len, methods_min_encrypt_head_space(ctx), 0); + fastd_buffer buffer = fastd_buffer_alloc(max_len, methods_min_encrypt_head_space(ctx), methods_min_encrypt_tail_space(ctx)); ssize_t len = read(ctx->tunfd, buffer.data, max_len); if (len < 0) { @@ -529,7 +561,7 @@ static void handle_tun(fastd_context *ctx) { if (peer == NULL) { for (peer = ctx->peers; peer; peer = peer->next) { if (fastd_peer_is_established(peer)) { - fastd_buffer send_buffer = fastd_buffer_alloc(len, methods_min_encrypt_head_space(ctx), 0); + fastd_buffer send_buffer = fastd_buffer_alloc(len, methods_min_encrypt_head_space(ctx), methods_min_encrypt_tail_space(ctx)); memcpy(send_buffer.data, buffer.data, len); ctx->conf->protocol->send(ctx, peer, send_buffer); } @@ -541,7 +573,7 @@ static void handle_tun(fastd_context *ctx) { static void handle_socket(fastd_context *ctx, int sockfd) { size_t max_len = PACKET_TYPE_LEN + methods_max_packet_size(ctx); - fastd_buffer buffer = fastd_buffer_alloc(max_len, ALIGN8(methods_min_decrypt_head_space(ctx)), 0); + fastd_buffer buffer = fastd_buffer_alloc(max_len, methods_min_decrypt_head_space(ctx), methods_min_decrypt_tail_space(ctx)); uint8_t *packet_type; fastd_peer_address recvaddr; -- cgit v1.2.3