aez

package module

v0.0.0-...-ec7426b Latest Latest Go to latest Published: Apr 8, 2018 License: CC0-1.0 Imports: 8 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

git.schwanenlied.me/yawning/aez

Links

Open Source Insights

README ¶

aez - AEZ (Duh)

Yawning Angel (yawning at schwanenlied dot me)

This is an implementation of AEZ, primarily based on the reference code. It appears to be correct and the output matches test vectors.

Features:

Constant time, always.
Will use AES-NI if available on AMD64.
Unlike the aesni code, supports a vector of AD, nbytes > 16, and tau > 16.

Benchmarks:

Version	Message Size	ns/op	MB/s
aesni	1	2430	0.41
	32	2161	14.80
	512	2491	205.51
	1024	2608	392.52
	2048	2922	700.74
	4096	3669	1116.12
	8192	5096	1607.43
	16384	7892	2075.93
	32768	13214	2479.65
	65536	24416	2684.11
	1024768	381778	2684.20

ct64 (no-asm)	1	7185	0.14
	32	9081	3.52
	512	26117	19.60
	1024	40259	25.43
	2048	67867	30.18
	4096	124411	32.92
	8192	241456	33.93
	16394	462033	35.46
	32768	914127	35.85
	65536	1804397	36.32
	1024768	27380841	37.43

ct32 (no-asm)	1	6482	0.15
	32	8673	3.69
	512	26926	19.01
	1024	45842	22.34
	2048	83350	24.57
	4096	159436	25.69
	8192	322488	25.40
	16394	618034	26.51
	32768	1200462	27.30
	65536	2366829	27.69
	1024768	37128937	27.60

All numbers taken on an Intel i7-5600U with Turbo Boost disabled, running on linux/amd64. A 16 byte authenticator (tau) and no AD was used for each test. Even on systems without AES-NI certain operations are done using SSE2 (eg: XORs), but for the purposes of benchmarking this was disabled for the ct64/ct32 tests.

Documentation ¶

Rendered for

Overview ¶

Package aez implements the AEZ AEAD primitive.

See: http://web.cs.ucdavis.edu/~rogaway/aez/

Index ¶

Constants
func Decrypt(key []byte, nonce []byte, additionalData [][]byte, tau int, ...) ([]byte, bool)
func Encrypt(key []byte, nonce []byte, additionalData [][]byte, tau int, ...) []byte
func IsHardwareAccelerated() bool
func New(key []byte) (cipher.AEAD, error)
type AeadAEZ

Constants ¶

View Source

const (
	// Version is the version of the AEZ specification implemented.
	Version = "v5"
)

Variables ¶

This section is empty.

Functions ¶

func Decrypt ¶

func Decrypt(key []byte, nonce []byte, additionalData [][]byte, tau int, ciphertext, dst []byte) ([]byte, bool)

Decrypt decrypts and authenticates the ciphertext, authenticates the additional data, and if successful appends the resulting plaintext to the provided slice and returns the updated slice and true. The length of the expected authentication tag in bytes is specified by tau. The ciphertext and dst slices MUST NOT overlap.

func Encrypt ¶

func Encrypt(key []byte, nonce []byte, additionalData [][]byte, tau int, plaintext, dst []byte) []byte

Encrypt encrypts and authenticates the plaintext, authenticates the additional data, and appends the result to ciphertext, returning the updated slice. The length of the authentication tag in bytes is specified by tau. The plaintext and dst slices MUST NOT overlap.

func IsHardwareAccelerated ¶

func IsHardwareAccelerated() bool

IsHardwareAccelerated returns true iff the AEZ implementation will use hardware acceleration (eg: AES-NI).

func New ¶

func New(key []byte) (cipher.AEAD, error)

New returns AEZ wrapped in a new cipher.AEAD instance, with the recommended nonce and tag lengths.

Types ¶

type AeadAEZ ¶

type AeadAEZ struct {
	// contains filtered or unexported fields
}

AeadAEZ is AEZ wrapped in the crypto/cipher.AEAD interface. It expects a 16 byte nonce, and uses a 16 byte tag, per the recommended defaults in the specification.

The AEZ primitive itself supports a vector of authenticated data, variable length nonces, and variable length authentication tags. Users who require such functionality should investigate the one-shot Encrypt/Decrypt calls instead.

func (*AeadAEZ) NonceSize ¶

func (a *AeadAEZ) NonceSize() int

NonceSize returns the size of the nonce that must be passed to Seal and Open.

func (*AeadAEZ) Open ¶

func (a *AeadAEZ) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error)

Open decrypts and authenticates ciphertext, authenticates the additional data and, if successful, appends the resulting plaintext to dst, returning the updated slice. The nonce must be NonceSize() bytes long and both it and the additional data must match the value passed to Seal.

func (*AeadAEZ) Overhead ¶

func (a *AeadAEZ) Overhead() int

Overhead returns the maximum difference between the lengths of a plaintext and its ciphertext.

func (*AeadAEZ) Reset ¶

func (a *AeadAEZ) Reset()

Reset clears the sensitive keying material from the datastructure such that it will no longer be in memory.

func (*AeadAEZ) Seal ¶

func (a *AeadAEZ) Seal(dst, nonce, plaintext, additionalData []byte) []byte

Seal encrypts and authenticates plaintext, authenticates the additional data and appends the result to dst, returning the updated slice. The nonce must be NonceSize() bytes long.

The nonce additionally should be unique for all time, for a given key, however the AEZ primitive does provide nonce-reuse misuse-resistance, see the paper for more details (MRAE).

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL