aes

package module
v0.1.1

This package is not in the latest version of its module.

Published: Feb 18, 2026 License: MIT Imports: 4 Imported by: 0

README

go-aes

A Go library exposing the fundamental building blocks of AES encryption for developers building custom cryptographic primitives. Unlike traditional AES libraries that provide complete encryption/decryption, this package gives you direct access to individual round functions, transformations, and wide-block permutations.

Features

  • Low-level AES operations: SubBytes, ShiftRows, MixColumns, and complete round functions
  • Hardware acceleration: Intel AES-NI, ARM Crypto Extensions, and VAES for parallel processing
  • Parallel block processing: Process 2 or 4 blocks simultaneously with VAES/AVX2/AVX512
  • Multi-round functions: Optimized 4/6/7/10/12/14 round operations
  • Wide-block permutations: Areion256 (32-byte) and Areion512 (64-byte)
  • Keyed block ciphers from permutations: Areion256-EM and Areion512-EM (Even-Mansour construction)
  • Beyond-birthday-bound PRF: Areion-SoEM-256 and Areion-SoEM-512 (Sum of Even-Mansour)
  • Short fixed-input hashing: Areion256-DM and Areion512-DM (Davies-Meyer construction)
  • Keyed short-input hashing: Vistrutah256-MP and Vistrutah512-MP (Miyaguchi-Preneel construction)
  • AES-based hashing: Haraka v2 (256-bit and 512-bit input variants)
  • Tweakable block ciphers: KIASU-BC, Deoxys-BC-256, Pholkos (256-bit and 512-bit)
  • Large-block ciphers: Vistrutah-256 and Vistrutah-512
  • Expanding PRF: ButterKnife (128-bit to 1024-bit expansion)
  • Cross-platform: Identical results on Intel and ARM with automatic fallback to pure Go

Installation

go get github.com/jedisct1/go-aes

Quick Start

package main

import (
    "fmt"
    aes "github.com/jedisct1/go-aes"
)

func main() {
    var block, key aes.Block
    copy(block[:], "Hello, World!...")
    copy(key[:], "SecretKey1234567")

    // Perform one AES forward round (modifies block in place)
    aes.Round(&block, &key)
    fmt.Printf("After one round: %x\n", block)

    // Hardware acceleration is automatic
    if aes.CPU.HasAESNI || aes.CPU.HasARMCrypto {
        copy(block[:], "Hello, World!...")
        aes.RoundHW(&block, &key)
        fmt.Printf("Hardware result: %x\n", block)
    }
}

Core Concepts

Block Operations

All operations work on 128-bit blocks represented as [16]byte arrays. Three round function variants accommodate different use cases:

Variant | Key XOR Position | Use Case
Standard (Round, InvRound) | End | FIPS-197/Intel semantics
KeyFirst (RoundKeyFirst) | Beginning | ARM-native semantics
NoKey (RoundNoKey) | None | Custom constructions

Hardware Acceleration

The package detects CPU capabilities at runtime:

aes.CPU.HasAESNI     // Intel AES-NI (single-block)
aes.CPU.HasARMCrypto // ARM Crypto Extensions
aes.CPU.HasVAES      // Intel VAES (parallel)
aes.CPU.HasAVX2      // 2-block parallel with VAES
aes.CPU.HasAVX512    // 4-block parallel with VAES

Intel and ARM AES instructions have different operation orders. The library handles this transparently, ensuring identical results across platforms.

Parallel Processing

For high-throughput applications, process multiple blocks simultaneously:

// Process two blocks (AVX2)
var blocks aes.Block2  // 32 bytes = 2×16-byte blocks
var keys aes.Key2      // 32 bytes = 2×16-byte keys
result := aes.Round2(blocks, keys)

// Process four blocks (AVX512)
var blocks4 aes.Block4  // 64 bytes
var keys4 aes.Key4
result4 := aes.Round4(blocks4, keys4)

Each block is processed with its corresponding key. Without VAES, the functions fall back to sequential processing.

Multi-Round Operations

Optimized functions for multiple rounds in a single call (2-3x faster than separate calls):

var keys aes.RoundKeys10
result := aes.Rounds10(block, keys)

// For complete AES encryption (N-1 full rounds + 1 final round without MixColumns)
result := aes.Rounds10WithFinal(block, keys)

Available: Rounds4, Rounds6, Rounds7, Rounds10, Rounds12, Rounds14, plus inverse and NoKey variants.

Key Schedules

Standard key expansion for AES-128, AES-192, and AES-256:

var masterKey [16]byte
roundKeys := aes.KeyExpansion128(masterKey)

// Or use the KeySchedule type
ks, _ := aes.NewKeySchedule(masterKey[:])
roundKey := ks.GetRoundKey(0)

Cryptographic Constructions

Areion Permutations

Wide-block cryptographic permutations built using AES rounds, useful for hash functions and authenticated encryption.

  • Areion256: 32-byte state, 10 rounds
  • Areion512: 64-byte state, 15 rounds

var state aes.Areion256
copy(state[:], yourData)
state.Permute()

// Inverse permutation
state.InversePermute()

// 512-bit variant
var largeState aes.Areion512
largeState.Permute()

Areion-DM: Short fixed-input hash functions using the Davies-Meyer construction (h = P(m) XOR m).

  • Areion256-DM: 32-byte input, 32-byte output
  • Areion512-DM: 64-byte input, 32-byte output (truncated)

var input32 [32]byte
hash256 := aes.Areion256DM(&input32)   // [32]byte

var input64 [64]byte
hash512 := aes.Areion512DM(&input64)   // [32]byte

Areion-EM Block Cipher

Keyed block ciphers using the single-key Even-Mansour construction: E_k(m) = P(m XOR k) XOR k, where P is an Areion permutation. Provides a simple way to turn the Areion permutation into a keyed primitive.

  • Areion256-EM: 32-byte key, 32-byte block
  • Areion512-EM: 64-byte key, 64-byte block

var key [32]byte
var block [32]byte
ciphertext := aes.Areion256EM(&key, &block)       // Encrypt
plaintext := aes.Areion256EMDecrypt(&key, &ciphertext) // Decrypt

// 512-bit variant
var key64 [64]byte
var block64 [64]byte
ct512 := aes.Areion512EM(&key64, &block64)
pt512 := aes.Areion512EMDecrypt(&key64, &ct512)

Areion-SoEM PRF

Beyond-birthday-bound PRF using Sum of Even-Mansour with Areion permutations: F(k1, k2, m) = P(m XOR k1) XOR P(m XOR k2 XOR d), where d is a domain separation constant. Two independent subkeys push PRF security to ~2n/3 bits, well beyond the n/2-bit birthday bound of single-call constructions.

  • Areion-SoEM-256: 64-byte key (2x32), 32-byte input/output, ~170-bit PRF security
  • Areion-SoEM-512: 128-byte key (2x64), 64-byte input/output, ~341-bit PRF security

var key256 [64]byte   // two independent 32-byte subkeys
var input256 [32]byte
output256 := aes.AreionSoEM256(&key256, &input256)

var key512 [128]byte  // two independent 64-byte subkeys
var input512 [64]byte
output512 := aes.AreionSoEM512(&key512, &input512)
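
The three Areion constructions above (Davies-Meyer, single-key Even-Mansour, Sum of Even-Mansour) written out around a stand-in permutation, as an added example that is not code from go-aes. It assumes a 16-byte permutation built from crypto/aes under a fixed public key in place of Areion, and a constructed domain separation constant; it also shows why the two SoEM subkeys must be independent.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// state is one permutation-width block. The stand-in permutation is 16 bytes
// wide; Areion256 and Areion512 use 32 and 64 bytes.
type state [16]byte

// pub is the public permutation P. Stand-in (assumption): AES-128 under a fixed,
// public all-zero key. It is not Areion; only the constructions around P matter.
var pub = newPublicPermutation()

func newPublicPermutation() cipher.Block {
	c, err := aes.NewCipher(make([]byte, 16))
	if err != nil {
		panic(err)
	}
	return c
}

func perm(x state) (y state)    { pub.Encrypt(y[:], x[:]); return y }
func permInv(x state) (y state) { pub.Decrypt(y[:], x[:]); return y }

func xor(a, b state) (c state) {
	for i := range c {
		c[i] = a[i] ^ b[i]
	}
	return c
}

// domainSep is the constant d. Constructed value; the page does not state the real one.
var domainSep = state{0: 0x01}

// dm is Davies-Meyer: h = P(m) XOR m. Without the feed-forward, anyone could
// run the public inverse permutation on h and recover m.
func dm(m state) state { return xor(perm(m), m) }

// emEncrypt and emDecrypt are single-key Even-Mansour: E_k(m) = P(m XOR k) XOR k.
func emEncrypt(k, m state) state { return xor(perm(xor(m, k)), k) }
func emDecrypt(k, c state) state { return xor(permInv(xor(c, k)), k) }

// soem is Sum of Even-Mansour: F(k1, k2, m) = P(m XOR k1) XOR P(m XOR k2 XOR d).
func soem(k1, k2, m state) state {
	return xor(perm(xor(m, k1)), perm(xor(xor(m, k2), domainSep)))
}

func main() {
	m := state{'s', 'a', 'm', 'p', 'l', 'e'}       // constructed sample input
	k1, k2 := state{1, 2, 3, 4}, state{9, 8, 7, 6} // constructed sample subkeys
	c := emEncrypt(k1, m)
	fmt.Printf("EM   ct=%x round trip ok=%v\n", c, emDecrypt(k1, c) == m)
	fmt.Printf("EM   zero key equals bare P: %v\n", emEncrypt(state{}, m) == perm(m))
	fmt.Printf("DM   h=%x\n", dm(m))
	fmt.Printf("SoEM independent subkeys: %x\n", soem(k1, k2, m))
	// Related subkeys (k1 = k2 XOR d) make both permutation calls identical,
	// so the output is all zeros for every input.
	fmt.Printf("SoEM related subkeys:     %x\n", soem(xor(k2, domainSep), k2, m))
}
```

With k1 = k2 XOR d the two permutation inputs coincide and the sum cancels, which is the reason the key is specified as two independent subkeys rather than one key and a derived variant.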

AES-PRF

Pseudorandom function using AES rounds with feed-forward structure: 4 rounds, XOR with input, then 6 more rounds (5 full + 1 final).

prf, _ := aes.NewAESPRF(key[:])  // 16, 24, or 32 bytes

var block aes.Block
copy(block[:], "Input data here!")
prf.PRF(&block)  // Modifies in place

Performance: ~152 ns/op with zero allocations on Apple M4 ARM64.

Haraka v2

AES-based cryptographic hash function designed for short inputs. Uses AES rounds with round constants derived from the digits of pi.

  • Haraka-256: 32-byte input, 32-byte output, 5 rounds
  • Haraka-512: 64-byte input, 32-byte output (truncated), 5 rounds

// Hash a 32-byte input
var input [32]byte
copy(input[:], yourData)
hash := aes.Haraka256(&input)

// Hash a 64-byte input
var largeInput [64]byte
hash512 := aes.Haraka512(&largeInput)

// Convenience: get single 16-byte block output
block := aes.Haraka256ToBlock(&input)

KIASU-BC Tweakable Block Cipher

AES-128 with 8-byte tweak XORed into each round. Used in ipcrypt-nd for non-deterministic IP address encryption.

ctx, _ := aes.NewKiasuContext(key)

var plaintext [16]byte
var tweak [8]byte
ciphertext := ctx.KiasuEncrypt(plaintext, tweak)
decrypted := ctx.KiasuDecrypt(ciphertext, tweak)

Tweak format: Padded to 16 bytes as [T0 T1 00 00 T2 T3 00 00 T4 T5 00 00 T6 T7 00 00]

Deoxys-BC-256 Tweakable Block Cipher

From the TWEAKEY framework: 256-bit tweakey (128-bit key + 128-bit tweak), 14 rounds.

var tweakey aes.Tweakey256
copy(tweakey[0:16], key[:])
copy(tweakey[16:32], tweak[:])

rk := aes.NewDeoxysBC256(&tweakey)
ciphertext := aes.DeoxysBC256Encrypt(rk, &plaintext)

Low-level round functions with domain separation are also available for custom constructions.

ButterKnife TPRF

Tweakable PRF expanding 128-bit input to 1024-bit output (8 branches). Based on the Iterate-Fork-Iterate paradigm.

var tweakey aes.Tweakey256
var input aes.Block
output := aes.ButterKnife(&tweakey, &input)

// For multiple evaluations, use context
ctx := aes.NewButterKnifeContext(&tweakey)
output1 := ctx.Eval(&input1)
output2 := ctx.Eval(&input2)

Structure: 7 rounds before fork (domain 0), then 8 rounds in 8 parallel branches (domains 1-8), with feed-forward XOR.

Reference: ePrint 2021/1534

Pholkos Tweakable Block Cipher

Large-state tweakable block cipher family based on AES rounds, designed for high security and high performance. Follows the design strategy of Haraka and AESQ with two-round steps.

Variants:

  • Pholkos-256-256: 256-bit block, 256-bit key, 128-bit tweak, 8 steps
  • Pholkos-512-256: 512-bit block, 256-bit key, 128-bit tweak, 10 steps
  • Pholkos-512-512: 512-bit block, 512-bit key, 128-bit tweak, 10 steps

// Pholkos-256 (32-byte block, 32-byte key)
var block aes.Pholkos256Block
var key aes.Pholkos256Key
var tweak aes.PholkosTweak
copy(block[:], plaintext)
copy(key[:], keyBytes)
copy(tweak[:], tweakBytes)

ctx := aes.NewPholkos256Context(&key, &tweak)
ctx.Encrypt(&block)
ctx.Decrypt(&block)

// Pholkos-512 with 256-bit key
var block512 aes.Pholkos512Block
ctx512 := aes.NewPholkos512Context(&key, &tweak)
ctx512.Encrypt(&block512)

// Pholkos-512 with 512-bit key
var key512 aes.Pholkos512Key
ctx512_512 := aes.NewPholkos512Context512(&key512, &tweak)
ctx512_512.Encrypt(&block512)

For single-block operations, convenience functions are available: Pholkos256Encrypt, Pholkos256Decrypt, Pholkos512Encrypt, Pholkos512Decrypt, Pholkos512Encrypt512, Pholkos512Decrypt512.

Vistrutah Large-Block Cipher

Large-block cipher family using Generalized Even-Mansour construction.

Vistrutah-256 (32-byte blocks):

plaintext := make([]byte, 32)
ciphertext := make([]byte, 32)
key := make([]byte, 32)  // 16 or 32 bytes

aes.Vistrutah256Encrypt(plaintext, ciphertext, key, aes.Vistrutah256RoundsLong)
aes.Vistrutah256Decrypt(ciphertext, plaintext, key, aes.Vistrutah256RoundsLong)

Vistrutah-512 (64-byte blocks):

plaintext := make([]byte, 64)
ciphertext := make([]byte, 64)
key := make([]byte, 64)  // 32 or 64 bytes

aes.Vistrutah512Encrypt(plaintext, ciphertext, key, aes.Vistrutah512RoundsLong512Key)

Round options:

Variant | Short | Long
Vistrutah-256 | 10 | 14
Vistrutah-512 (256-bit key) | 10 | 14
Vistrutah-512 (512-bit key) | 12 | 18

Reference: ePrint 2024/1534

Vistrutah-MP: Keyed fixed-input hash functions using the Miyaguchi-Preneel construction (h = E(k, X) XOR k XOR X), one of the 12 provably secure PGV compression functions (Black-Rogaway-Shrimpton, CRYPTO 2002).

var input [32]byte
var key [32]byte
hash256 := aes.Vistrutah256MP(&input, key[:], aes.Vistrutah256RoundsLong)  // [32]byte

var input64 [64]byte
var key64 [64]byte
hash512 := aes.Vistrutah512MP(&input64, key64[:], aes.Vistrutah512RoundsLong512Key)  // [64]byte

Examples

Cymric

Lightweight authenticated encryption (AEAD) using two AES-128 keys. Located in examples/cymric/.

Two variants:

  • Cymric1: |msg| + |nonce| <= 16, |nonce| + |ad| <= 15
  • Cymric2: |msg| <= 16, |nonce| + |ad| <= 15

import "github.com/jedisct1/go-aes/examples/cymric"

var key [32]byte
copy(key[:], keyBytes)
ctx := cymric.NewContext(&key)

// Encrypt
nonce := make([]byte, 12)
msg := []byte("Hi!")
ad := []byte("v1")
ctext := make([]byte, len(msg))
var tag [16]byte
ctx.Cymric1Encrypt(ctext, &tag, msg, ad, nonce)

// Decrypt
ptext := make([]byte, len(ctext))
err := ctx.Cymric1Decrypt(ptext, ctext, &tag, ad, nonce)

Features: 256-bit key, 128-bit tag, constant-time verification, zero allocations.

LeMac

High-speed MAC using parallel AES rounds. Located in examples/lemac/.

import "github.com/jedisct1/go-aes/examples/lemac"

var key [16]byte
var nonce [16]byte
copy(key[:], "SecretMACKey1234")

ctx := lemac.NewLeMacContext(key)
tag := lemac.LeMac(ctx, []byte("Authenticate this"), nonce)

Provides 128-bit security with unique nonces, 64-bit with static nonces.

Skye KDF

Key derivation function for DH shared secrets (e.g., X3DH handshakes). Located in examples/skye/.

import "github.com/jedisct1/go-aes/examples/skye"

samples := [][]byte{dh1, dh2, dh3}  // 3-4 DH secrets (32 bytes each)
var info skye.SkyeInfo
copy(info[:], "Signal Protocol v1.0")

key, _ := skye.Skye(samples, &info, 64)

// For multiple derivations
ctx, _ := skye.NewSkyeContext(samples)
key1 := ctx.Expand(&info1, 32)
key2 := ctx.Expand(&info2, 32)

Reference: ePrint 2024/781

MacaKey

Full-state keyed sponge PRF/MAC using Areion512. Located in examples/macakey/.

import "github.com/jedisct1/go-aes/examples/macakey"

var key [32]byte
copy(key[:], keyBytes)

// One-shot MAC
mac, _ := macakey.Macakey(key[:], message, 32)

// Streaming
ctx, _ := macakey.NewMacakeyContext(key[:])
ctx.Write(chunk1)
ctx.Write(chunk2)
mac := ctx.Sum(32)

// With explicit IV (32 bytes)
mac, _ := macakey.MacakeyWithIV(key[:], iv, message, 32)

Based on MacaKey V2 with NCP-based domain separation. Provides 128-bit security.

Performance

Hardware acceleration provides ~10x speedup over pure Go. VAES with AVX512 processes four blocks in roughly the time of one. Multi-round functions add another 2-3x improvement.

go test -bench=.

API Reference

Round Functions

Function | Description
Round(block, key *Block) | Forward round (key XOR at end)
InvRound(block, key *Block) | Inverse round
FinalRound(block, key *Block) | Final round (no MixColumns)
RoundKeyFirst(block, key *Block) | Key XOR at beginning
RoundNoKey(block *Block) | No key XOR
RoundHW(block, key *Block) | Hardware-accelerated

Individual Transformations

SubBytes, ShiftRows, MixColumns, AddRoundKey and their inverse variants.

Parallel Operations

Function | Description
Round2(Block2, Key2) Block2 | Process 2 blocks
Round4(Block4, Key4) Block4 | Process 4 blocks

Available in standard, KeyFirst, NoKey, and HW variants.

Multi-Round Functions

Rounds4, Rounds6, Rounds7, Rounds10, Rounds12, Rounds14 with inverse, NoKey, HW, and WithFinal variants.

Key Expansion

Function | Description
KeyExpansion128([16]byte) [176]byte | AES-128 key expansion
KeyExpansion192([24]byte) [208]byte | AES-192 key expansion
KeyExpansion256([32]byte) [240]byte | AES-256 key expansion
NewKeySchedule([]byte) (*KeySchedule, error) | Create key schedule

Complete AES Encryption

EncryptBlockAES128, EncryptBlockAES192, EncryptBlockAES256, EncryptBlockAES for full block encryption.

Constructions

Construction | Key Functions
Areion | Areion256.Permute/InversePermute, Areion512.Permute/InversePermute, Areion256DM, Areion512DM, Areion256EM/EMDecrypt, Areion512EM/EMDecrypt, AreionSoEM256, AreionSoEM512
AES-PRF | NewAESPRF, (*AESPRF).PRF
Haraka | Haraka256, Haraka512, Haraka256ToBlock, Haraka512ToBlock
KIASU-BC | NewKiasuContext, KiasuEncrypt, KiasuDecrypt
Deoxys-BC-256 | NewDeoxysBC256, DeoxysBC256Encrypt, DeoxysBC256Decrypt
ButterKnife | ButterKnife, NewButterKnifeContext, (*ButterKnifeContext).Eval
Pholkos | NewPholkos256Context, NewPholkos512Context, Pholkos256Encrypt/Decrypt
Vistrutah | Vistrutah256Encrypt/Decrypt, Vistrutah512Encrypt/Decrypt, Vistrutah256MP, Vistrutah512MP

Skye KDF (examples/skye)

Skye, NewSkyeContext, DExtLsb, FExp

Testing

go test -v              # Run all tests
go test -v -run TestName  # Run specific test
go test -bench=.        # Run benchmarks

The test suite includes FIPS-197 test vectors and cross-platform tests ensuring hardware and software implementations produce identical results.

Documentation

Overview

Package aes provides low-level AES (Advanced Encryption Standard) operations with hardware acceleration support for Intel AES-NI (amd64), ARM Crypto Extensions (arm64), and VAES (Vector AES) for parallel block processing.

This package exposes individual AES round functions, transformations, and key schedules rather than providing a complete block cipher implementation. It is designed for building custom cryptographic constructions that need direct access to AES primitives.

Core Features

Low-level AES Operations:

  • SubBytes/InvSubBytes - S-box transformations
  • ShiftRows/InvShiftRows - Row permutations
  • MixColumns/InvMixColumns - Column mixing in GF(2^8)
  • AddRoundKey - XOR with round key
  • Round/InvRound - Complete encryption/decryption rounds

Parallel Processing:

  • Block2 (32 bytes) - Process 2 AES blocks simultaneously
  • Block4 (64 bytes) - Process 4 AES blocks simultaneously
  • Hardware acceleration via VAES (Intel) or ARM Crypto Extensions

Areion Permutations:

  • Areion256 (32-byte state) - 10-round wide-block permutation
  • Areion512 (64-byte state) - 15-round wide-block permutation
  • Suitable for hash functions and authenticated encryption

Hardware Acceleration

The package automatically detects and uses available CPU features:

  • Intel AES-NI (AESENC/AESDEC instructions)
  • ARM Crypto Extensions (AESE/AESD instructions)
  • VAES (AVX2 for 2 blocks, AVX512 for 4 blocks in parallel)

Hardware-accelerated functions have the "HW" suffix and automatically fall back to software implementations when hardware support is unavailable.

Round Function Variants

The package provides three variants of round functions to support different cryptographic constructions:

Standard Rounds (e.g., Round, InvRound):

  • Key XOR at the end
  • Matches Intel AES-NI and FIPS-197 semantics
  • Default choice for most applications

KeyFirst Variants (e.g., RoundKeyFirst, InvRoundKeyFirst):

  • Key XOR at the beginning
  • Matches ARM Crypto instruction semantics
  • More efficient on ARM processors

NoKey Variants (e.g., RoundNoKey, InvRoundNoKey):

  • No key XOR operation
  • Used for permutations and custom constructions

Key Schedules

Key expansion is provided via the KeySchedule type:

  • Supports AES-128 (16-byte keys, 10 rounds)
  • Supports AES-192 (24-byte keys, 12 rounds)
  • Supports AES-256 (32-byte keys, 14 rounds)

Multi-Round Operations

For better performance, multi-round functions combine multiple rounds in a single call, reducing function call overhead and enabling better instruction pipelining:

  • Rounds4/7/10/12/14 - Execute N rounds
  • RoundsNWithFinal - N-1 full rounds + 1 final round (standard AES)
  • Hardware-accelerated variants available (e.g., Rounds10HW)

Example: Basic AES-128 Encryption

package main

import (
    "fmt"
    "github.com/jedisct1/go-aes"
)

func main() {
    // Create a key schedule from a 16-byte key (AES-128)
    key := []byte{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
                  0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c}
    ks, _ := aes.NewKeySchedule(key)

    // Prepare a block for encryption
    var block aes.Block
    copy(block[:], []byte("hello world!!!!"))

    // Encrypt using the high-level helper
    aes.EncryptBlockAES128(&block, ks)

    fmt.Printf("Encrypted: %x\n", block)
}

Example: Parallel Block Processing

// Process 2 blocks in parallel with VAES acceleration
var blocks aes.Block2
copy(blocks[0:16], plaintext1)
copy(blocks[16:32], plaintext2)

// Create per-block round keys
var roundKeys aes.Key2
roundKeys.SetKey(0, ks.GetRoundKey(1))
roundKeys.SetKey(1, ks.GetRoundKey(1))

// Execute one round on both blocks
aes.Round2HW(&blocks, &roundKeys)

Example: Areion256 Permutation

var state aes.Areion256
copy(state[:], input)
state.Permute()
// state now contains the permuted output

Platform Support

The package supports:

  • amd64 with AES-NI and VAES (Intel/AMD)
  • arm64 with ARM Crypto Extensions
  • Pure Go fallback for all platforms

Performance Considerations

For optimal performance:

  • Use hardware-accelerated functions (HW suffix) when available
  • Use multi-round functions instead of calling single rounds repeatedly
  • Use parallel operations (Block2/Block4) when processing multiple blocks
  • Check CPU features with the CPU variable to select the best code path

Security Notes

This package provides low-level AES primitives and does NOT implement:

  • Authenticated encryption modes (GCM, EAX, etc.)
  • Block cipher modes of operation (CBC, CTR, etc.)
  • Key derivation or management
  • Protection against side-channel attacks beyond hardware instructions

Users are responsible for:

  • Implementing appropriate modes of operation
  • Managing keys securely
  • Using proper nonces and IVs
  • Ensuring thread safety when needed

This package is intended for cryptography experts building custom constructions. For standard AES encryption, consider using Go's crypto/aes and crypto/cipher packages instead.

Constants

const (
	Vistrutah256BlockSize = 32
	Vistrutah512BlockSize = 64

	RoundsPerStep = 2

	Vistrutah256RoundsShort       = 10 // 5 steps, for HCTR2/ForkCipher
	Vistrutah256RoundsLong        = 14 // 7 steps, full security
	Vistrutah512RoundsShort256Key = 10 // 256-bit key, 5 steps
	Vistrutah512RoundsShort512Key = 12 // 512-bit key, 6 steps
	Vistrutah512RoundsLong256Key  = 14 // 256-bit key, 7 steps
	Vistrutah512RoundsLong512Key  = 18 // 512-bit key, 9 steps
)

Variables

This section is empty.

Functions

func AddRoundKey

func AddRoundKey(block *Block, roundKey *Block)

AddRoundKey XORs the block with the round key.

func Areion256DM added in v0.1.1

func Areion256DM(input *[32]byte) [32]byte

Areion256DM computes the Areion256-DM short fixed-input hash of a 32-byte input. It applies the Davies-Meyer construction: h = P(m) XOR m, returning the full 32-byte result as the digest.

func Areion256EM added in v0.1.1

func Areion256EM(key *[32]byte, block *[32]byte) [32]byte

Areion256EM encrypts a 32-byte block using the single-key Even-Mansour construction with the Areion256 permutation: E_k(m) = P(m ⊕ k) ⊕ k.

func Areion256EMDecrypt added in v0.1.1

func Areion256EMDecrypt(key *[32]byte, block *[32]byte) [32]byte

Areion256EMDecrypt decrypts a 32-byte block using the single-key Even-Mansour construction with the Areion256 inverse permutation: D_k(c) = P^{-1}(c ⊕ k) ⊕ k.

func Areion512DM added in v0.1.1

func Areion512DM(input *[64]byte) [32]byte

Areion512DM computes the Areion512-DM short fixed-input hash of a 64-byte input. It applies the Davies-Meyer construction: h = P(m) XOR m, then extracts 32 bytes from specific positions in the state as the digest.

func Areion512EM added in v0.1.1

func Areion512EM(key *[64]byte, block *[64]byte) [64]byte

Areion512EM encrypts a 64-byte block using the single-key Even-Mansour construction with the Areion512 permutation: E_k(m) = P(m ⊕ k) ⊕ k.

func Areion512EMDecrypt added in v0.1.1

func Areion512EMDecrypt(key *[64]byte, block *[64]byte) [64]byte

Areion512EMDecrypt decrypts a 64-byte block using the single-key Even-Mansour construction with the Areion512 inverse permutation: D_k(c) = P^{-1}(c ⊕ k) ⊕ k.

func AreionSoEM256 added in v0.1.1

func AreionSoEM256(key *[64]byte, input *[32]byte) [32]byte

AreionSoEM256 computes a PRF using Sum of Even-Mansour with Areion256. F(k1, k2, m) = P(m XOR k1) XOR P(m XOR k2 XOR d), where d is a domain separation constant and P is the Areion256 permutation. With two independent 32-byte subkeys, this achieves ~170-bit PRF security (beyond birthday bound). Key is 64 bytes (two independent 32-byte subkeys). Input and output are 32 bytes.

func AreionSoEM512 added in v0.1.1

func AreionSoEM512(key *[128]byte, input *[64]byte) [64]byte

AreionSoEM512 computes a PRF using Sum of Even-Mansour with Areion512. F(k1, k2, m) = P(m XOR k1) XOR P(m XOR k2 XOR d), where d is a domain separation constant and P is the Areion512 permutation. With two independent 64-byte subkeys, this achieves ~341-bit PRF security (beyond birthday bound). Key is 128 bytes (two independent 64-byte subkeys). Input and output are 64 bytes.

func DeoxysAddRoundTweakey

func DeoxysAddRoundTweakey(state *Block, rtk *DeoxysRoundTweakeys, roundNum int, domain byte)

DeoxysAddRoundTweakey XORs round tweakey and round constant into the state.

func DeoxysLFSR2

func DeoxysLFSR2(tk *Block)

DeoxysLFSR2 applies the LFSR2 transformation to each byte of a tweakey state. LFSR2: (b7||...||b0) -> (b6||...||b0||b7⊕b5), polynomial x^8 + x^5 + 1

func DeoxysPermuteTK

func DeoxysPermuteTK(tk *Block)

DeoxysPermuteTK applies the h permutation to a tweakey state.

func DeoxysRound

func DeoxysRound(state *Block, rtk *DeoxysRoundTweakeys, roundNum int, domain byte)

DeoxysRound performs one Deoxys round: AddRoundTweakey, SubBytes, ShiftRows, MixColumns.

func EncryptBlockAES

func EncryptBlockAES(block *Block, ks *KeySchedule)

EncryptBlockAES performs AES encryption with automatic key size detection.

func EncryptBlockAES128

func EncryptBlockAES128(block *Block, ks *KeySchedule)

EncryptBlockAES128 performs complete AES-128 encryption.

func EncryptBlockAES192

func EncryptBlockAES192(block *Block, ks *KeySchedule)

EncryptBlockAES192 performs complete AES-192 encryption.

func EncryptBlockAES256

func EncryptBlockAES256(block *Block, ks *KeySchedule)

EncryptBlockAES256 performs complete AES-256 encryption.

func EncryptBlocksAES128

func EncryptBlocksAES128(blocks []Block, ks *KeySchedule)

EncryptBlocksAES128 encrypts multiple blocks with AES-128.

func EncryptBlocksAES192

func EncryptBlocksAES192(blocks []Block, ks *KeySchedule)

EncryptBlocksAES192 encrypts multiple blocks with AES-192.

func EncryptBlocksAES256

func EncryptBlocksAES256(blocks []Block, ks *KeySchedule)

EncryptBlocksAES256 encrypts multiple blocks with AES-256.

func FinalRound

func FinalRound(block *Block, roundKey *Block)

FinalRound performs SubBytes, ShiftRows, AddRoundKey (no MixColumns).

func FinalRound2

func FinalRound2(blocks *Block2, roundKeys *Key2)

FinalRound2 performs the final AES encryption round on 2 blocks in parallel (software)

func FinalRound2HW

func FinalRound2HW(blocks *Block2, roundKeys *Key2)

FinalRound2HW performs the final AES encryption round on 2 blocks with hardware acceleration if available

func FinalRound4

func FinalRound4(blocks *Block4, roundKeys *Key4)

FinalRound4 performs the final AES encryption round on 4 blocks in parallel (software)

func FinalRound4HW

func FinalRound4HW(blocks *Block4, roundKeys *Key4)

FinalRound4HW performs the final AES encryption round on 4 blocks with hardware acceleration if available

func FinalRoundHW

func FinalRoundHW(block *Block, roundKey *Block)

FinalRoundHW performs the final AES encryption round with hardware acceleration if available

func FinalRoundKeyFirst

func FinalRoundKeyFirst(block *Block, roundKey *Block)

FinalRoundKeyFirst performs AddRoundKey, SubBytes, ShiftRows (no MixColumns).

func FinalRoundKeyFirst2

func FinalRoundKeyFirst2(blocks *Block2, roundKeys *Key2)

FinalRoundKeyFirst2 performs the final AES encryption round on 2 blocks in parallel with key XOR first (software)

func FinalRoundKeyFirst2HW

func FinalRoundKeyFirst2HW(blocks *Block2, roundKeys *Key2)

func FinalRoundKeyFirst4

func FinalRoundKeyFirst4(blocks *Block4, roundKeys *Key4)

FinalRoundKeyFirst4 performs the final AES encryption round on 4 blocks in parallel with key XOR first (software)

func FinalRoundKeyFirst4HW

func FinalRoundKeyFirst4HW(blocks *Block4, roundKeys *Key4)

func FinalRoundKeyFirstHW

func FinalRoundKeyFirstHW(block *Block, roundKey *Block)

func FinalRoundNoKey

func FinalRoundNoKey(block *Block)

FinalRoundNoKey performs SubBytes, ShiftRows (no key XOR or MixColumns).

func FinalRoundNoKey2

func FinalRoundNoKey2(blocks *Block2)

FinalRoundNoKey2 performs the final AES encryption round on 2 blocks in parallel without AddRoundKey (software)

func FinalRoundNoKey2HW

func FinalRoundNoKey2HW(blocks *Block2)

func FinalRoundNoKey4

func FinalRoundNoKey4(blocks *Block4)

FinalRoundNoKey4 performs the final AES encryption round on 4 blocks in parallel without AddRoundKey (software)

func FinalRoundNoKey4HW

func FinalRoundNoKey4HW(blocks *Block4)

func FinalRoundNoKeyHW

func FinalRoundNoKeyHW(block *Block)

func Haraka256

func Haraka256(input *[32]byte) [32]byte

Haraka256 computes the Haraka-256 v2 hash of a 32-byte input. Returns a 32-byte hash output.

func Haraka256HW

func Haraka256HW(input *[32]byte) [32]byte

Haraka256HW computes Haraka-256 with hardware acceleration if available.

func Haraka512

func Haraka512(input *[64]byte) [32]byte

Haraka512 computes the Haraka-512 v2 hash of a 64-byte input. Returns a 32-byte hash output (truncated).

func Haraka512HW

func Haraka512HW(input *[64]byte) [32]byte

Haraka512HW computes Haraka-512 with hardware acceleration if available.

func InvFinalRound

func InvFinalRound(block *Block, roundKey *Block)

InvFinalRound performs InvShiftRows, InvSubBytes, AddRoundKey (no InvMixColumns).

func InvFinalRound2

func InvFinalRound2(blocks *Block2, roundKeys *Key2)

InvFinalRound2 performs the final AES decryption round on 2 blocks in parallel (software)

func InvFinalRound2HW

func InvFinalRound2HW(blocks *Block2, roundKeys *Key2)

InvFinalRound2HW performs the final AES decryption round on 2 blocks with hardware acceleration if available

func InvFinalRound4

func InvFinalRound4(blocks *Block4, roundKeys *Key4)

InvFinalRound4 performs the final AES decryption round on 4 blocks in parallel (software)

func InvFinalRound4HW

func InvFinalRound4HW(blocks *Block4, roundKeys *Key4)

InvFinalRound4HW performs the final AES decryption round on 4 blocks with hardware acceleration if available

func InvFinalRoundHW

func InvFinalRoundHW(block *Block, roundKey *Block)

InvFinalRoundHW performs the final AES decryption round with hardware acceleration if available

func InvFinalRoundKeyFirst

func InvFinalRoundKeyFirst(block *Block, roundKey *Block)

InvFinalRoundKeyFirst performs InvShiftRows, InvSubBytes, AddRoundKey.

func InvFinalRoundKeyFirst2

func InvFinalRoundKeyFirst2(blocks *Block2, roundKeys *Key2)

InvFinalRoundKeyFirst2 performs the final AES decryption round on 2 blocks in parallel that inverts FinalRoundKeyFirst (software)

func InvFinalRoundKeyFirst2HW

func InvFinalRoundKeyFirst2HW(blocks *Block2, roundKeys *Key2)

func InvFinalRoundKeyFirst4

func InvFinalRoundKeyFirst4(blocks *Block4, roundKeys *Key4)

InvFinalRoundKeyFirst4 performs the final AES decryption round on 4 blocks in parallel that inverts FinalRoundKeyFirst (software)

func InvFinalRoundKeyFirst4HW

func InvFinalRoundKeyFirst4HW(blocks *Block4, roundKeys *Key4)

func InvFinalRoundKeyFirstHW

func InvFinalRoundKeyFirstHW(block *Block, roundKey *Block)

func InvFinalRoundNoKey

func InvFinalRoundNoKey(block *Block)

InvFinalRoundNoKey performs InvShiftRows, InvSubBytes.

func InvFinalRoundNoKey2

func InvFinalRoundNoKey2(blocks *Block2)

InvFinalRoundNoKey2 performs the inverse of FinalRoundNoKey on 2 blocks in parallel without AddRoundKey (software)

func InvFinalRoundNoKey2HW

func InvFinalRoundNoKey2HW(blocks *Block2)

func InvFinalRoundNoKey4

func InvFinalRoundNoKey4(blocks *Block4)

InvFinalRoundNoKey4 performs the inverse of FinalRoundNoKey on 4 blocks in parallel without AddRoundKey (software)

func InvFinalRoundNoKey4HW

func InvFinalRoundNoKey4HW(blocks *Block4)

func InvFinalRoundNoKeyHW

func InvFinalRoundNoKeyHW(block *Block)

func InvMixColumns

func InvMixColumns(block *Block)

InvMixColumns is the inverse of MixColumns.

func InvMixColumns2HW

func InvMixColumns2HW(blocks *Block2)

InvMixColumns2HW performs inverse MixColumns on 2 blocks with hardware acceleration if available

func InvMixColumns4HW

func InvMixColumns4HW(blocks *Block4)

InvMixColumns4HW performs inverse MixColumns on 4 blocks with hardware acceleration if available

func InvMixColumnsHW

func InvMixColumnsHW(block *Block)

InvMixColumnsHW performs inverse MixColumns with hardware acceleration if available

func InvRound

func InvRound(block *Block, roundKey *Block)

InvRound performs InvShiftRows, InvSubBytes, InvMixColumns, AddRoundKey.

func InvRound2

func InvRound2(blocks *Block2, roundKeys *Key2)

InvRound2 performs one AES decryption round on 2 blocks in parallel (software)

func InvRound2HW

func InvRound2HW(blocks *Block2, roundKeys *Key2)

InvRound2HW performs one AES decryption round on 2 blocks with hardware acceleration if available

func InvRound4

func InvRound4(blocks *Block4, roundKeys *Key4)

InvRound4 performs one AES decryption round on 4 blocks in parallel (software)

func InvRound4HW

func InvRound4HW(blocks *Block4, roundKeys *Key4)

InvRound4HW performs one AES decryption round on 4 blocks with hardware acceleration if available

func InvRoundHW

func InvRoundHW(block *Block, roundKey *Block)

InvRoundHW performs one AES decryption round with hardware acceleration if available

func InvRoundKeyFirst

func InvRoundKeyFirst(block *Block, roundKey *Block)

InvRoundKeyFirst performs InvMixColumns, InvShiftRows, InvSubBytes, AddRoundKey.

func InvRoundKeyFirst2

func InvRoundKeyFirst2(blocks *Block2, roundKeys *Key2)

InvRoundKeyFirst2 performs one AES decryption round on 2 blocks in parallel that inverts RoundKeyFirst (software)

func InvRoundKeyFirst2HW

func InvRoundKeyFirst2HW(blocks *Block2, roundKeys *Key2)

func InvRoundKeyFirst4

func InvRoundKeyFirst4(blocks *Block4, roundKeys *Key4)

InvRoundKeyFirst4 performs one AES decryption round on 4 blocks in parallel that inverts RoundKeyFirst (software)

func InvRoundKeyFirst4HW

func InvRoundKeyFirst4HW(blocks *Block4, roundKeys *Key4)

func InvRoundKeyFirstHW

func InvRoundKeyFirstHW(block *Block, roundKey *Block)

func InvRoundNoKey

func InvRoundNoKey(block *Block)

InvRoundNoKey performs InvMixColumns, InvShiftRows, InvSubBytes.

func InvRoundNoKey2

func InvRoundNoKey2(blocks *Block2)

InvRoundNoKey2 performs the inverse of RoundNoKey on 2 blocks in parallel without AddRoundKey (software)

func InvRoundNoKey2HW

func InvRoundNoKey2HW(blocks *Block2)

func InvRoundNoKey4

func InvRoundNoKey4(blocks *Block4)

InvRoundNoKey4 performs the inverse of RoundNoKey on 4 blocks in parallel without AddRoundKey (software)

func InvRoundNoKey4HW

func InvRoundNoKey4HW(blocks *Block4)

func InvRoundNoKeyHW

func InvRoundNoKeyHW(block *Block)

func InvRounds4

func InvRounds4(block *Block, roundKeys *RoundKeys4)

InvRounds4 performs 4 AES decryption rounds (InvShiftRows, InvSubBytes, InvMixColumns, AddRoundKey)

func InvRounds4HW

func InvRounds4HW(block *Block, roundKeys *RoundKeys4)

func InvRounds4NoKey

func InvRounds4NoKey(block *Block)

InvRounds4NoKey performs 4 AES decryption rounds without AddRoundKey

func InvRounds4NoKeyHW

func InvRounds4NoKeyHW(block *Block)

Falls back to software due to AESDEC operation order mismatch.

func InvRounds4NoKey_2

func InvRounds4NoKey_2(blocks *Block2)

InvRounds4NoKey_2 performs 4 AES decryption rounds without AddRoundKey on 2 blocks

func InvRounds4NoKey_2HW

func InvRounds4NoKey_2HW(blocks *Block2)

func InvRounds4NoKey_4

func InvRounds4NoKey_4(blocks *Block4)

InvRounds4NoKey_4 performs 4 AES decryption rounds without AddRoundKey on 4 blocks

func InvRounds4NoKey_4HW

func InvRounds4NoKey_4HW(blocks *Block4)

func InvRounds4WithFinal

func InvRounds4WithFinal(block *Block, roundKeys *RoundKeys4)

InvRounds4WithFinal performs 3 full AES decryption rounds + 1 inverse final round

func InvRounds4WithFinalHW

func InvRounds4WithFinalHW(block *Block, roundKeys *RoundKeys4)

func InvRounds4_2

func InvRounds4_2(blocks *Block2, roundKeys *RoundKeys4)

InvRounds4_2 performs 4 AES decryption rounds on 2 blocks

func InvRounds4_2HW

func InvRounds4_2HW(blocks *Block2, roundKeys *RoundKeys4)

func InvRounds4_4

func InvRounds4_4(blocks *Block4, roundKeys *RoundKeys4)

InvRounds4_4 performs 4 AES decryption rounds on 4 blocks

func InvRounds4_4HW

func InvRounds4_4HW(blocks *Block4, roundKeys *RoundKeys4)

func InvRounds6

func InvRounds6(block *Block, roundKeys *RoundKeys6)

InvRounds6 performs 6 AES decryption rounds

func InvRounds6HW

func InvRounds6HW(block *Block, roundKeys *RoundKeys6)

func InvRounds6WithFinal

func InvRounds6WithFinal(block *Block, roundKeys *RoundKeys6)

InvRounds6WithFinal performs 5 full AES decryption rounds + 1 inverse final round

func InvRounds6WithFinalHW

func InvRounds6WithFinalHW(block *Block, roundKeys *RoundKeys6)

func InvRounds7

func InvRounds7(block *Block, roundKeys *RoundKeys7)

InvRounds7 performs 7 AES decryption rounds

func InvRounds7HW

func InvRounds7HW(block *Block, roundKeys *RoundKeys7)

func InvRounds7NoKey

func InvRounds7NoKey(block *Block)

InvRounds7NoKey performs 7 AES decryption rounds without AddRoundKey

func InvRounds7NoKeyHW

func InvRounds7NoKeyHW(block *Block)

func InvRounds7NoKey_2

func InvRounds7NoKey_2(blocks *Block2)

InvRounds7NoKey_2 performs 7 AES decryption rounds without AddRoundKey on 2 blocks

func InvRounds7NoKey_2HW

func InvRounds7NoKey_2HW(blocks *Block2)

func InvRounds7NoKey_4

func InvRounds7NoKey_4(blocks *Block4)

InvRounds7NoKey_4 performs 7 AES decryption rounds without AddRoundKey on 4 blocks

func InvRounds7NoKey_4HW

func InvRounds7NoKey_4HW(blocks *Block4)

func InvRounds7WithFinal

func InvRounds7WithFinal(block *Block, roundKeys *RoundKeys7)

InvRounds7WithFinal performs 6 full AES decryption rounds + 1 inverse final round

func InvRounds7WithFinalHW

func InvRounds7WithFinalHW(block *Block, roundKeys *RoundKeys7)

func InvRounds7_2

func InvRounds7_2(blocks *Block2, roundKeys *RoundKeys7)

InvRounds7_2 performs 7 AES decryption rounds on 2 blocks

func InvRounds7_2HW

func InvRounds7_2HW(blocks *Block2, roundKeys *RoundKeys7)

func InvRounds7_4

func InvRounds7_4(blocks *Block4, roundKeys *RoundKeys7)

InvRounds7_4 performs 7 AES decryption rounds on 4 blocks

func InvRounds7_4HW

func InvRounds7_4HW(blocks *Block4, roundKeys *RoundKeys7)

func InvRounds10

func InvRounds10(block *Block, roundKeys *RoundKeys10)

InvRounds10 performs 10 AES decryption rounds

func InvRounds10HW

func InvRounds10HW(block *Block, roundKeys *RoundKeys10)

func InvRounds10NoKey

func InvRounds10NoKey(block *Block)

InvRounds10NoKey performs 10 AES decryption rounds without AddRoundKey

func InvRounds10NoKeyHW

func InvRounds10NoKeyHW(block *Block)

func InvRounds10NoKey_2

func InvRounds10NoKey_2(blocks *Block2)

InvRounds10NoKey_2 performs 10 AES decryption rounds without AddRoundKey on 2 blocks

func InvRounds10NoKey_2HW

func InvRounds10NoKey_2HW(blocks *Block2)

func InvRounds10NoKey_4

func InvRounds10NoKey_4(blocks *Block4)

InvRounds10NoKey_4 performs 10 AES decryption rounds without AddRoundKey on 4 blocks

func InvRounds10NoKey_4HW

func InvRounds10NoKey_4HW(blocks *Block4)

func InvRounds10WithFinal

func InvRounds10WithFinal(block *Block, roundKeys *RoundKeys10)

InvRounds10WithFinal performs 9 full AES decryption rounds + 1 inverse final round (for AES-128)

func InvRounds10WithFinalHW

func InvRounds10WithFinalHW(block *Block, roundKeys *RoundKeys10)

func InvRounds10_2

func InvRounds10_2(blocks *Block2, roundKeys *RoundKeys10)

InvRounds10_2 performs 10 AES decryption rounds on 2 blocks

func InvRounds10_2HW

func InvRounds10_2HW(blocks *Block2, roundKeys *RoundKeys10)

func InvRounds10_4

func InvRounds10_4(blocks *Block4, roundKeys *RoundKeys10)

InvRounds10_4 performs 10 AES decryption rounds on 4 blocks

func InvRounds10_4HW

func InvRounds10_4HW(blocks *Block4, roundKeys *RoundKeys10)

func InvRounds12

func InvRounds12(block *Block, roundKeys *RoundKeys12)

InvRounds12 performs 12 AES decryption rounds

func InvRounds12HW

func InvRounds12HW(block *Block, roundKeys *RoundKeys12)

func InvRounds12NoKey

func InvRounds12NoKey(block *Block)

InvRounds12NoKey performs 12 AES decryption rounds without AddRoundKey

func InvRounds12NoKeyHW

func InvRounds12NoKeyHW(block *Block)

func InvRounds12NoKey_2

func InvRounds12NoKey_2(blocks *Block2)

InvRounds12NoKey_2 performs 12 AES decryption rounds without AddRoundKey on 2 blocks

func InvRounds12NoKey_2HW

func InvRounds12NoKey_2HW(blocks *Block2)

func InvRounds12NoKey_4

func InvRounds12NoKey_4(blocks *Block4)

InvRounds12NoKey_4 performs 12 AES decryption rounds without AddRoundKey on 4 blocks

func InvRounds12NoKey_4HW

func InvRounds12NoKey_4HW(blocks *Block4)

func InvRounds12WithFinal

func InvRounds12WithFinal(block *Block, roundKeys *RoundKeys12)

InvRounds12WithFinal performs 11 full AES decryption rounds + 1 inverse final round (for AES-192)

func InvRounds12WithFinalHW

func InvRounds12WithFinalHW(block *Block, roundKeys *RoundKeys12)

func InvRounds12_2

func InvRounds12_2(blocks *Block2, roundKeys *RoundKeys12)

InvRounds12_2 performs 12 AES decryption rounds on 2 blocks

func InvRounds12_2HW

func InvRounds12_2HW(blocks *Block2, roundKeys *RoundKeys12)

func InvRounds12_4

func InvRounds12_4(blocks *Block4, roundKeys *RoundKeys12)

InvRounds12_4 performs 12 AES decryption rounds on 4 blocks

func InvRounds12_4HW

func InvRounds12_4HW(blocks *Block4, roundKeys *RoundKeys12)

func InvRounds14

func InvRounds14(block *Block, roundKeys *RoundKeys14)

InvRounds14 performs 14 AES decryption rounds

func InvRounds14HW

func InvRounds14HW(block *Block, roundKeys *RoundKeys14)

func InvRounds14NoKey

func InvRounds14NoKey(block *Block)

InvRounds14NoKey performs 14 AES decryption rounds without AddRoundKey

func InvRounds14NoKeyHW

func InvRounds14NoKeyHW(block *Block)

func InvRounds14NoKey_2

func InvRounds14NoKey_2(blocks *Block2)

InvRounds14NoKey_2 performs 14 AES decryption rounds without AddRoundKey on 2 blocks

func InvRounds14NoKey_2HW

func InvRounds14NoKey_2HW(blocks *Block2)

func InvRounds14NoKey_4

func InvRounds14NoKey_4(blocks *Block4)

InvRounds14NoKey_4 performs 14 AES decryption rounds without AddRoundKey on 4 blocks

func InvRounds14NoKey_4HW

func InvRounds14NoKey_4HW(blocks *Block4)

func InvRounds14WithFinal

func InvRounds14WithFinal(block *Block, roundKeys *RoundKeys14)

InvRounds14WithFinal performs 13 full AES decryption rounds + 1 inverse final round (for AES-256)

func InvRounds14WithFinalHW

func InvRounds14WithFinalHW(block *Block, roundKeys *RoundKeys14)

func InvRounds14_2

func InvRounds14_2(blocks *Block2, roundKeys *RoundKeys14)

InvRounds14_2 performs 14 AES decryption rounds on 2 blocks

func InvRounds14_2HW

func InvRounds14_2HW(blocks *Block2, roundKeys *RoundKeys14)

func InvRounds14_4

func InvRounds14_4(blocks *Block4, roundKeys *RoundKeys14)

InvRounds14_4 performs 14 AES decryption rounds on 4 blocks

func InvRounds14_4HW

func InvRounds14_4HW(blocks *Block4, roundKeys *RoundKeys14)

func InvShiftRows

func InvShiftRows(block *Block)

InvShiftRows is the inverse of ShiftRows.

func InvSubBytes

func InvSubBytes(block *Block)

InvSubBytes applies the inverse AES S-box substitution.

func MixColumns

func MixColumns(block *Block)

MixColumns mixes bytes within each column using GF(2^8) multiplication.

func OptimalParallelBlocks

func OptimalParallelBlocks() int

OptimalParallelBlocks returns the optimal number of AES blocks that should be processed in parallel on the current CPU for best performance:

  • 4: AVX512 with VAES, or ARM Crypto Extensions
  • 2: AVX2 with VAES (without AVX512), or ARM Crypto Extensions
  • 1: Single-block hardware acceleration only, or software fallback

Use this function to decide whether to use Block2, Block4, or single Block operations for maximum throughput.

func PadTweak

func PadTweak(tweak [8]byte) [16]byte

PadTweak pads an 8-byte tweak to 16 bytes. The padding scheme places each 2-byte pair at the start of each 4-byte group:

  8-byte tweak:   [T0 T1 T2 T3 T4 T5 T6 T7]
  16-byte padded: [T0 T1 00 00 T2 T3 00 00 T4 T5 00 00 T6 T7 00 00]

func PerBlockRounds4_2

func PerBlockRounds4_2(blocks *Block2, keySets *PerBlockRoundKeys4_2)

PerBlockRounds4_2 performs 4 rounds on 2 blocks, each with its own keys

func PerBlockRounds4_2HW

func PerBlockRounds4_2HW(blocks *Block2, keySets *PerBlockRoundKeys4_2)

func PerBlockRounds4_4

func PerBlockRounds4_4(blocks *Block4, keySets *PerBlockRoundKeys4_4)

PerBlockRounds4_4 performs 4 rounds on 4 blocks, each with its own keys

func PerBlockRounds4_4HW

func PerBlockRounds4_4HW(blocks *Block4, keySets *PerBlockRoundKeys4_4)

func PerBlockRounds7_2

func PerBlockRounds7_2(blocks *Block2, keySets *PerBlockRoundKeys7_2)

PerBlockRounds7_2 performs 7 rounds on 2 blocks, each with its own keys

func PerBlockRounds7_2HW

func PerBlockRounds7_2HW(blocks *Block2, keySets *PerBlockRoundKeys7_2)

func PerBlockRounds7_4

func PerBlockRounds7_4(blocks *Block4, keySets *PerBlockRoundKeys7_4)

PerBlockRounds7_4 performs 7 rounds on 4 blocks, each with its own keys

func PerBlockRounds7_4HW

func PerBlockRounds7_4HW(blocks *Block4, keySets *PerBlockRoundKeys7_4)

func PerBlockRounds10WithFinal_2

func PerBlockRounds10WithFinal_2(blocks *Block2, keySets *PerBlockRoundKeys10_2)

PerBlockRounds10WithFinal_2 performs 9 full rounds + 1 final round on 2 blocks, each with its own keys

func PerBlockRounds10WithFinal_2HW

func PerBlockRounds10WithFinal_2HW(blocks *Block2, keySets *PerBlockRoundKeys10_2)

func PerBlockRounds10WithFinal_4

func PerBlockRounds10WithFinal_4(blocks *Block4, keySets *PerBlockRoundKeys10_4)

PerBlockRounds10WithFinal_4 performs 9 full rounds + 1 final round on 4 blocks, each with its own keys

func PerBlockRounds10WithFinal_4HW

func PerBlockRounds10WithFinal_4HW(blocks *Block4, keySets *PerBlockRoundKeys10_4)

func PerBlockRounds10_2

func PerBlockRounds10_2(blocks *Block2, keySets *PerBlockRoundKeys10_2)

PerBlockRounds10_2 performs 10 rounds on 2 blocks, each with its own keys

func PerBlockRounds10_2HW

func PerBlockRounds10_2HW(blocks *Block2, keySets *PerBlockRoundKeys10_2)

func PerBlockRounds10_4

func PerBlockRounds10_4(blocks *Block4, keySets *PerBlockRoundKeys10_4)

PerBlockRounds10_4 performs 10 rounds on 4 blocks, each with its own keys

func PerBlockRounds10_4HW

func PerBlockRounds10_4HW(blocks *Block4, keySets *PerBlockRoundKeys10_4)

func PerBlockRounds12WithFinal_2

func PerBlockRounds12WithFinal_2(blocks *Block2, keySets *PerBlockRoundKeys12_2)

PerBlockRounds12WithFinal_2 performs 11 full rounds + 1 final round on 2 blocks, each with its own keys

func PerBlockRounds12WithFinal_2HW

func PerBlockRounds12WithFinal_2HW(blocks *Block2, keySets *PerBlockRoundKeys12_2)

func PerBlockRounds12WithFinal_4

func PerBlockRounds12WithFinal_4(blocks *Block4, keySets *PerBlockRoundKeys12_4)

PerBlockRounds12WithFinal_4 performs 11 full rounds + 1 final round on 4 blocks, each with its own keys

func PerBlockRounds12WithFinal_4HW

func PerBlockRounds12WithFinal_4HW(blocks *Block4, keySets *PerBlockRoundKeys12_4)

func PerBlockRounds12_2

func PerBlockRounds12_2(blocks *Block2, keySets *PerBlockRoundKeys12_2)

PerBlockRounds12_2 performs 12 rounds on 2 blocks, each with its own keys

func PerBlockRounds12_2HW

func PerBlockRounds12_2HW(blocks *Block2, keySets *PerBlockRoundKeys12_2)

func PerBlockRounds12_4

func PerBlockRounds12_4(blocks *Block4, keySets *PerBlockRoundKeys12_4)

PerBlockRounds12_4 performs 12 rounds on 4 blocks, each with its own keys

func PerBlockRounds12_4HW

func PerBlockRounds12_4HW(blocks *Block4, keySets *PerBlockRoundKeys12_4)

func PerBlockRounds14WithFinal_2

func PerBlockRounds14WithFinal_2(blocks *Block2, keySets *PerBlockRoundKeys14_2)

PerBlockRounds14WithFinal_2 performs 13 full rounds + 1 final round on 2 blocks, each with its own keys

func PerBlockRounds14WithFinal_2HW

func PerBlockRounds14WithFinal_2HW(blocks *Block2, keySets *PerBlockRoundKeys14_2)

func PerBlockRounds14WithFinal_4

func PerBlockRounds14WithFinal_4(blocks *Block4, keySets *PerBlockRoundKeys14_4)

PerBlockRounds14WithFinal_4 performs 13 full rounds + 1 final round on 4 blocks, each with its own keys

func PerBlockRounds14WithFinal_4HW

func PerBlockRounds14WithFinal_4HW(blocks *Block4, keySets *PerBlockRoundKeys14_4)

func PerBlockRounds14_2

func PerBlockRounds14_2(blocks *Block2, keySets *PerBlockRoundKeys14_2)

PerBlockRounds14_2 performs 14 rounds on 2 blocks, each with its own keys

func PerBlockRounds14_2HW

func PerBlockRounds14_2HW(blocks *Block2, keySets *PerBlockRoundKeys14_2)

func PerBlockRounds14_4

func PerBlockRounds14_4(blocks *Block4, keySets *PerBlockRoundKeys14_4)

PerBlockRounds14_4 performs 14 rounds on 4 blocks, each with its own keys

func PerBlockRounds14_4HW

func PerBlockRounds14_4HW(blocks *Block4, keySets *PerBlockRoundKeys14_4)

func Pholkos256Decrypt

func Pholkos256Decrypt(block *Pholkos256Block, key *Pholkos256Key, tweak *PholkosTweak)

Pholkos256Decrypt decrypts a single 256-bit block.

func Pholkos256Encrypt

func Pholkos256Encrypt(block *Pholkos256Block, key *Pholkos256Key, tweak *PholkosTweak)

Pholkos256Encrypt encrypts a single 256-bit block. This is a convenience function that creates a context and encrypts.

func Pholkos512Decrypt

func Pholkos512Decrypt(block *Pholkos512Block, key *Pholkos256Key, tweak *PholkosTweak)

Pholkos512Decrypt decrypts a single 512-bit block with a 256-bit key.

func Pholkos512Decrypt512

func Pholkos512Decrypt512(block *Pholkos512Block, key *Pholkos512Key, tweak *PholkosTweak)

Pholkos512Decrypt512 decrypts a single 512-bit block with a 512-bit key.

func Pholkos512Encrypt

func Pholkos512Encrypt(block *Pholkos512Block, key *Pholkos256Key, tweak *PholkosTweak)

Pholkos512Encrypt encrypts a single 512-bit block with a 256-bit key.

func Pholkos512Encrypt512

func Pholkos512Encrypt512(block *Pholkos512Block, key *Pholkos512Key, tweak *PholkosTweak)

Pholkos512Encrypt512 encrypts a single 512-bit block with a 512-bit key.

func Round

func Round(block *Block, roundKey *Block)

Round performs SubBytes, ShiftRows, MixColumns, AddRoundKey.

func Round2

func Round2(blocks *Block2, roundKeys *Key2)

Round2 performs one AES encryption round on 2 blocks simultaneously. Each block is processed with its corresponding round key from roundKeys. This is a software implementation; use Round2HW for hardware acceleration.

func Round2HW

func Round2HW(blocks *Block2, roundKeys *Key2)

Round2HW performs one AES encryption round on 2 blocks with hardware acceleration if available

func Round4

func Round4(blocks *Block4, roundKeys *Key4)

Round4 performs one AES encryption round on 4 blocks simultaneously. Each block is processed with its corresponding round key from roundKeys. This is a software implementation; use Round4HW for hardware acceleration.

func Round4HW

func Round4HW(blocks *Block4, roundKeys *Key4)

Round4HW performs one AES encryption round on 4 blocks with hardware acceleration if available

func RoundHW

func RoundHW(block *Block, roundKey *Block)

RoundHW performs one AES encryption round with hardware acceleration if available

func RoundKeyFirst

func RoundKeyFirst(block *Block, roundKey *Block)

RoundKeyFirst performs AddRoundKey, SubBytes, ShiftRows, MixColumns.

func RoundKeyFirst2

func RoundKeyFirst2(blocks *Block2, roundKeys *Key2)

RoundKeyFirst2 performs one AES encryption round on 2 blocks in parallel with key XOR first (software)

func RoundKeyFirst2HW

func RoundKeyFirst2HW(blocks *Block2, roundKeys *Key2)

func RoundKeyFirst4

func RoundKeyFirst4(blocks *Block4, roundKeys *Key4)

RoundKeyFirst4 performs one AES encryption round on 4 blocks in parallel with key XOR first (software)

func RoundKeyFirst4HW

func RoundKeyFirst4HW(blocks *Block4, roundKeys *Key4)

func RoundKeyFirstHW

func RoundKeyFirstHW(block *Block, roundKey *Block)

KeyFirst variants fall back to software on Intel since AES-NI instructions naturally XOR the key at the end (standard semantics)

func RoundNoKey

func RoundNoKey(block *Block)

RoundNoKey performs SubBytes, ShiftRows, MixColumns (no key XOR).

func RoundNoKey2

func RoundNoKey2(blocks *Block2)

RoundNoKey2 performs one AES encryption round on 2 blocks in parallel without AddRoundKey (software)

func RoundNoKey2HW

func RoundNoKey2HW(blocks *Block2)

func RoundNoKey4

func RoundNoKey4(blocks *Block4)

RoundNoKey4 performs one AES encryption round on 4 blocks in parallel without AddRoundKey (software)

func RoundNoKey4HW

func RoundNoKey4HW(blocks *Block4)

func RoundNoKeyHW

func RoundNoKeyHW(block *Block)

NoKey variants use software fallback on Intel since AES-NI instructions always include the key XOR operation

func Rounds4

func Rounds4(block *Block, roundKeys *RoundKeys4)

Rounds4 performs 4 AES encryption rounds (SubBytes, ShiftRows, MixColumns, AddRoundKey)

func Rounds4HW

func Rounds4HW(block *Block, roundKeys *RoundKeys4)

func Rounds4NoKey

func Rounds4NoKey(block *Block)

Rounds4NoKey performs 4 AES encryption rounds without AddRoundKey

func Rounds4NoKeyHW

func Rounds4NoKeyHW(block *Block)

func Rounds4NoKey_2

func Rounds4NoKey_2(blocks *Block2)

Rounds4NoKey_2 performs 4 AES encryption rounds without AddRoundKey on 2 blocks

func Rounds4NoKey_2HW

func Rounds4NoKey_2HW(blocks *Block2)

func Rounds4NoKey_4

func Rounds4NoKey_4(blocks *Block4)

Rounds4NoKey_4 performs 4 AES encryption rounds without AddRoundKey on 4 blocks

func Rounds4NoKey_4HW

func Rounds4NoKey_4HW(blocks *Block4)

func Rounds4_2

func Rounds4_2(blocks *Block2, roundKeys *RoundKeys4)

Rounds4_2 performs 4 AES encryption rounds on 2 blocks

func Rounds4_2HW

func Rounds4_2HW(blocks *Block2, roundKeys *RoundKeys4)

func Rounds4_4

func Rounds4_4(blocks *Block4, roundKeys *RoundKeys4)

Rounds4_4 performs 4 AES encryption rounds on 4 blocks

func Rounds4_4HW

func Rounds4_4HW(blocks *Block4, roundKeys *RoundKeys4)

func Rounds6

func Rounds6(block *Block, roundKeys *RoundKeys6)

Rounds6 performs 6 AES encryption rounds

func Rounds6HW

func Rounds6HW(block *Block, roundKeys *RoundKeys6)

func Rounds6WithFinal

func Rounds6WithFinal(block *Block, roundKeys *RoundKeys6)

Rounds6WithFinal performs 5 full AES encryption rounds + 1 final round. This is useful for constructions like AES-PRF, where you need 5+1 rounds (5 rounds with MixColumns, final round without).

func Rounds6WithFinalHW

func Rounds6WithFinalHW(block *Block, roundKeys *RoundKeys6)

func Rounds7

func Rounds7(block *Block, roundKeys *RoundKeys7)

Rounds7 performs 7 AES encryption rounds

func Rounds7HW

func Rounds7HW(block *Block, roundKeys *RoundKeys7)

func Rounds7NoKey

func Rounds7NoKey(block *Block)

Rounds7NoKey performs 7 AES encryption rounds without AddRoundKey

func Rounds7NoKeyHW

func Rounds7NoKeyHW(block *Block)

func Rounds7NoKey_2

func Rounds7NoKey_2(blocks *Block2)

Rounds7NoKey_2 performs 7 AES encryption rounds without AddRoundKey on 2 blocks

func Rounds7NoKey_2HW

func Rounds7NoKey_2HW(blocks *Block2)

func Rounds7NoKey_4

func Rounds7NoKey_4(blocks *Block4)

Rounds7NoKey_4 performs 7 AES encryption rounds without AddRoundKey on 4 blocks

func Rounds7NoKey_4HW

func Rounds7NoKey_4HW(blocks *Block4)

func Rounds7_2

func Rounds7_2(blocks *Block2, roundKeys *RoundKeys7)

Rounds7_2 performs 7 AES encryption rounds on 2 blocks

func Rounds7_2HW

func Rounds7_2HW(blocks *Block2, roundKeys *RoundKeys7)

func Rounds7_4

func Rounds7_4(blocks *Block4, roundKeys *RoundKeys7)

Rounds7_4 performs 7 AES encryption rounds on 4 blocks

func Rounds7_4HW

func Rounds7_4HW(blocks *Block4, roundKeys *RoundKeys7)

func Rounds10

func Rounds10(block *Block, roundKeys *RoundKeys10)

Rounds10 performs 10 AES encryption rounds

func Rounds10HW

func Rounds10HW(block *Block, roundKeys *RoundKeys10)

func Rounds10NoKey

func Rounds10NoKey(block *Block)

Rounds10NoKey performs 10 AES encryption rounds without AddRoundKey

func Rounds10NoKeyHW

func Rounds10NoKeyHW(block *Block)

func Rounds10NoKey_2

func Rounds10NoKey_2(blocks *Block2)

Rounds10NoKey_2 performs 10 AES encryption rounds without AddRoundKey on 2 blocks

func Rounds10NoKey_2HW

func Rounds10NoKey_2HW(blocks *Block2)

func Rounds10NoKey_4

func Rounds10NoKey_4(blocks *Block4)

Rounds10NoKey_4 performs 10 AES encryption rounds without AddRoundKey on 4 blocks

func Rounds10NoKey_4HW

func Rounds10NoKey_4HW(blocks *Block4)

func Rounds10WithFinal

func Rounds10WithFinal(block *Block, roundKeys *RoundKeys10)

Rounds10WithFinal performs 9 full AES encryption rounds + 1 final round (for AES-128). This is the standard AES-128 structure: 9 rounds with MixColumns, final round without.

func Rounds10WithFinalHW

func Rounds10WithFinalHW(block *Block, roundKeys *RoundKeys10)

func Rounds10WithFinal_4

func Rounds10WithFinal_4(blocks *Block4, roundKeys *RoundKeys10)

Rounds10WithFinal_4 performs 9 full AES encryption rounds + 1 final round on 4 blocks

func Rounds10WithFinal_4HW

func Rounds10WithFinal_4HW(blocks *Block4, roundKeys *RoundKeys10)

func Rounds10_2

func Rounds10_2(blocks *Block2, roundKeys *RoundKeys10)

Rounds10_2 performs 10 AES encryption rounds on 2 blocks

func Rounds10_2HW

func Rounds10_2HW(blocks *Block2, roundKeys *RoundKeys10)

func Rounds10_4

func Rounds10_4(blocks *Block4, roundKeys *RoundKeys10)

Rounds10_4 performs 10 AES encryption rounds on 4 blocks

func Rounds10_4HW

func Rounds10_4HW(blocks *Block4, roundKeys *RoundKeys10)

func Rounds12

func Rounds12(block *Block, roundKeys *RoundKeys12)

Rounds12 performs 12 AES encryption rounds

func Rounds12HW

func Rounds12HW(block *Block, roundKeys *RoundKeys12)

func Rounds12NoKey

func Rounds12NoKey(block *Block)

Rounds12NoKey performs 12 AES encryption rounds without AddRoundKey

func Rounds12NoKeyHW

func Rounds12NoKeyHW(block *Block)

func Rounds12NoKey_2

func Rounds12NoKey_2(blocks *Block2)

Rounds12NoKey_2 performs 12 AES encryption rounds without AddRoundKey on 2 blocks

func Rounds12NoKey_2HW

func Rounds12NoKey_2HW(blocks *Block2)

func Rounds12NoKey_4

func Rounds12NoKey_4(blocks *Block4)

Rounds12NoKey_4 performs 12 AES encryption rounds without AddRoundKey on 4 blocks

func Rounds12NoKey_4HW

func Rounds12NoKey_4HW(blocks *Block4)

func Rounds12WithFinal

func Rounds12WithFinal(block *Block, roundKeys *RoundKeys12)

Rounds12WithFinal performs 11 full AES encryption rounds + 1 final round (for AES-192)

func Rounds12WithFinalHW

func Rounds12WithFinalHW(block *Block, roundKeys *RoundKeys12)

func Rounds12WithFinal_4

func Rounds12WithFinal_4(blocks *Block4, roundKeys *RoundKeys12)

Rounds12WithFinal_4 performs 11 full AES encryption rounds + 1 final round on 4 blocks

func Rounds12WithFinal_4HW

func Rounds12WithFinal_4HW(blocks *Block4, roundKeys *RoundKeys12)

func Rounds12_2

func Rounds12_2(blocks *Block2, roundKeys *RoundKeys12)

Rounds12_2 performs 12 AES encryption rounds on 2 blocks

func Rounds12_2HW

func Rounds12_2HW(blocks *Block2, roundKeys *RoundKeys12)

func Rounds12_4

func Rounds12_4(blocks *Block4, roundKeys *RoundKeys12)

Rounds12_4 performs 12 AES encryption rounds on 4 blocks

func Rounds12_4HW

func Rounds12_4HW(blocks *Block4, roundKeys *RoundKeys12)

func Rounds14

func Rounds14(block *Block, roundKeys *RoundKeys14)

Rounds14 performs 14 AES encryption rounds

func Rounds14HW

func Rounds14HW(block *Block, roundKeys *RoundKeys14)

func Rounds14NoKey

func Rounds14NoKey(block *Block)

Rounds14NoKey performs 14 AES encryption rounds without AddRoundKey

func Rounds14NoKeyHW

func Rounds14NoKeyHW(block *Block)

func Rounds14NoKey_2

func Rounds14NoKey_2(blocks *Block2)

Rounds14NoKey_2 performs 14 AES encryption rounds without AddRoundKey on 2 blocks

func Rounds14NoKey_2HW

func Rounds14NoKey_2HW(blocks *Block2)

func Rounds14NoKey_4

func Rounds14NoKey_4(blocks *Block4)

Rounds14NoKey_4 performs 14 AES encryption rounds without AddRoundKey on 4 blocks

func Rounds14NoKey_4HW

func Rounds14NoKey_4HW(blocks *Block4)

func Rounds14WithFinal

func Rounds14WithFinal(block *Block, roundKeys *RoundKeys14)

Rounds14WithFinal performs 13 full AES encryption rounds + 1 final round (for AES-256)

func Rounds14WithFinalHW

func Rounds14WithFinalHW(block *Block, roundKeys *RoundKeys14)

func Rounds14WithFinal_4

func Rounds14WithFinal_4(blocks *Block4, roundKeys *RoundKeys14)

Rounds14WithFinal_4 performs 13 full AES encryption rounds + 1 final round on 4 blocks

func Rounds14WithFinal_4HW

func Rounds14WithFinal_4HW(blocks *Block4, roundKeys *RoundKeys14)

func Rounds14_2

func Rounds14_2(blocks *Block2, roundKeys *RoundKeys14)

Rounds14_2 performs 14 AES encryption rounds on 2 blocks

func Rounds14_2HW

func Rounds14_2HW(blocks *Block2, roundKeys *RoundKeys14)

func Rounds14_4

func Rounds14_4(blocks *Block4, roundKeys *RoundKeys14)

Rounds14_4 performs 14 AES encryption rounds on 4 blocks

func Rounds14_4HW

func Rounds14_4HW(blocks *Block4, roundKeys *RoundKeys14)

func ShiftRows

func ShiftRows(block *Block)

ShiftRows cyclically shifts bytes in each row (0,1,2,3 bytes respectively).

func SubBytes

func SubBytes(block *Block)

SubBytes applies the AES S-box substitution to each byte.

func UseHardwareAcceleration

func UseHardwareAcceleration() bool

UseHardwareAcceleration returns true if single-block hardware AES acceleration is available (Intel AES-NI or ARM Crypto Extensions). When true, *HW functions will use hardware instructions instead of software implementations.

func UseVectorAcceleration

func UseVectorAcceleration() bool

UseVectorAcceleration returns true if vector AES acceleration (VAES) is available for parallel block processing. This requires VAES support plus either AVX2 (for 2 blocks) or AVX512 (for 4 blocks).

func Vistrutah256Decrypt

func Vistrutah256Decrypt(ciphertext, plaintext, key []byte, rounds int)

Vistrutah256Decrypt decrypts a 32-byte ciphertext block using Vistrutah-256.

func Vistrutah256DecryptHW

func Vistrutah256DecryptHW(ciphertext, plaintext, key []byte, rounds int)

Vistrutah256DecryptHW decrypts a 256-bit block using hardware AES-NI

func Vistrutah256Encrypt

func Vistrutah256Encrypt(plaintext, ciphertext, key []byte, rounds int)

Vistrutah256Encrypt encrypts a 32-byte plaintext block using Vistrutah-256. Key must be 16 or 32 bytes. Rounds should be Vistrutah256RoundsShort (10) or Vistrutah256RoundsLong (14).

func Vistrutah256EncryptHW

func Vistrutah256EncryptHW(plaintext, ciphertext, key []byte, rounds int)

Vistrutah256EncryptHW encrypts a 256-bit block using hardware AES-NI

func Vistrutah256MP (added in v0.1.1)

func Vistrutah256MP(input *[32]byte, key []byte, rounds int) [32]byte

Vistrutah256MP computes a keyed hash using the Miyaguchi-Preneel construction: h = E(k, X) XOR k XOR X. This is one of the 12 provably secure PGV compression functions (Black-Rogaway-Shrimpton, CRYPTO 2002). Input is a fixed 32-byte block, key must be 16 or 32 bytes. Returns a 32-byte digest.

func Vistrutah512Decrypt

func Vistrutah512Decrypt(ciphertext, plaintext, key []byte, rounds int)

Vistrutah512Decrypt decrypts a 64-byte ciphertext block using Vistrutah-512.

func Vistrutah512DecryptHW

func Vistrutah512DecryptHW(ciphertext, plaintext, key []byte, rounds int)

Vistrutah512DecryptHW decrypts a 512-bit block using hardware AES-NI

func Vistrutah512Encrypt

func Vistrutah512Encrypt(plaintext, ciphertext, key []byte, rounds int)

Vistrutah512Encrypt encrypts a 64-byte plaintext block using Vistrutah-512. Key must be 32 or 64 bytes.

func Vistrutah512EncryptHW

func Vistrutah512EncryptHW(plaintext, ciphertext, key []byte, rounds int)

Vistrutah512EncryptHW encrypts a 512-bit block using hardware AES-NI

func Vistrutah512MP (added in v0.1.1)

func Vistrutah512MP(input *[64]byte, key []byte, rounds int) [64]byte

Vistrutah512MP computes a keyed hash using the Miyaguchi-Preneel construction: h = E(k, X) XOR k XOR X. This is one of the 12 provably secure PGV compression functions (Black-Rogaway-Shrimpton, CRYPTO 2002). Input is a fixed 64-byte block, key must be 32 or 64 bytes. Returns a 64-byte digest.

func XorBlock

func XorBlock(dst, a, b *Block)

XorBlock computes dst = a XOR b.

func XorBlock2

func XorBlock2(dst, a, b *Block2)

XorBlock2 computes dst = a XOR b for Block2.

func XorBlock4

func XorBlock4(dst, a, b *Block4)

XorBlock4 computes dst = a XOR b for Block4.

Types

type AESPRF

type AESPRF struct {
	// contains filtered or unexported fields
}

AESPRF implements the AES-PRF construction with 4 rounds before feed-forward and 6 rounds after feed-forward (5 full + 1 final).

The construction is:

  1. Apply initial AddRoundKey with round key 0
  2. Apply 4 full AES rounds (SubBytes, ShiftRows, MixColumns, AddRoundKey)
  3. XOR the result with the original input (feed-forward)
  4. Apply 5 full AES rounds (SubBytes, ShiftRows, MixColumns, AddRoundKey)
  5. Apply final round (SubBytes, ShiftRows, AddRoundKey, no MixColumns)

This construction provides a pseudorandom function (PRF) based on the AES round function. The feed-forward XOR adds non-linearity that makes the construction particularly suitable for use in cryptographic hash functions, MACs, and key derivation.

Performance: ~152 ns/op with zero allocations on Apple M4 ARM64. Hardware acceleration (Intel AES-NI, ARM Crypto) is automatically used when available.

func NewAESPRF

func NewAESPRF(key []byte) (*AESPRF, error)

NewAESPRF creates a new AES-PRF instance with the given key. The key must be 16, 24, or 32 bytes for AES-128, AES-192, or AES-256 respectively.

For AES-PRF, we use a 10-round structure regardless of key size:

  • 1 initial AddRoundKey
  • 4 full rounds
  • XOR feed-forward
  • 5 full rounds
  • 1 final round (no MixColumns)

This gives us a total of 10 rounds, matching AES-128 structure.

func (*AESPRF) PRF

func (prf *AESPRF) PRF(block *Block)

PRF applies the AES-PRF construction to the input block. The input block is modified in place to contain the output.

The construction:

  1. state = AddRoundKey(input, roundKeys[0])
  2. 4 full AES rounds using Rounds4HW (roundKeys[1-4])
  3. state = state ⊕ input (feed-forward)
  4. 5 full rounds + 1 final round using Rounds6WithFinalHW (roundKeys[5-10])

This implementation uses optimized multi-round functions (Rounds4HW and Rounds6WithFinalHW) for maximum performance. Hardware acceleration is automatically used when available.

Security: The 4+6 round configuration with feed-forward at round 4 provides security against known cryptanalytic attacks on AES-PRF constructions.
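The steps listed for AESPRF and its PRF method, written out with hand-rolled AES-128 rounds so the position of the feed-forward is explicit. This is an added example, not go-aes code: xtime, sbox, expandKey, round and aesPRF are names chosen here, only 16-byte keys are handled, and the table-based S-box is not constant-time.

```go
package main

import "fmt"

func xtime(a byte) byte { return a<<1 ^ (a>>7)*0x1b } // multiply by x in GF(2^8)

var sbox = func() (s [256]byte) { // field inverse, then the FIPS-197 affine map
	p, q := byte(1), byte(1)
	for first := true; first || p != 1; first = false {
		p ^= xtime(p) // p *= 3, which visits every non-zero element
		q ^= q << 1   // q /= 3, so q stays equal to the inverse of p
		q ^= q << 2
		q ^= q << 4
		q ^= (q >> 7) * 0x09
		s[p] = q ^ (q<<1 | q>>7) ^ (q<<2 | q>>6) ^ (q<<3 | q>>5) ^ (q<<4 | q>>4) ^ 0x63
	}
	s[0] = 0x63 // zero has no inverse and maps to the affine constant
	return
}()

func expandKey(key [16]byte) (rk [11][16]byte) { // AES-128 key schedule
	rk[0] = key
	for r, rcon := 1, byte(1); r <= 10; r, rcon = r+1, xtime(rcon) {
		p := rk[r-1]
		t := [4]byte{sbox[p[13]] ^ rcon, sbox[p[14]], sbox[p[15]], sbox[p[12]]}
		for i := range p { // each word = same word of the previous key XOR the word just made
			rk[r][i] = p[i] ^ t[i%4]
			t[i%4] = rk[r][i]
		}
	}
	return
}

func round(s, k [16]byte, final bool) (o [16]byte) {
	for i := range o { // SubBytes + ShiftRows: output byte i comes from byte 5i mod 16
		o[i] = sbox[s[i*5%16]]
	}
	for c := 0; c < 16 && !final; c += 4 { // MixColumns, skipped in the final round
		a := [4]byte{o[c], o[c+1], o[c+2], o[c+3]}
		for j := range a {
			o[c+j] = a[0] ^ a[1] ^ a[2] ^ a[3] ^ a[j] ^ xtime(a[j]^a[(j+1)%4])
		}
	}
	for i := range o { // AddRoundKey
		o[i] ^= k[i]
	}
	return
}

// aesPRF follows the five listed steps; with feedForward=false it is plain AES-128.
func aesPRF(key, in [16]byte, feedForward bool) (s [16]byte) {
	rk := expandKey(key)
	for i := range s { // step 1: initial AddRoundKey
		s[i] = in[i] ^ rk[0][i]
	}
	for r := 1; r <= 10; r++ {
		s = round(s, rk[r], r == 10) // steps 2, 4 and 5
		for i := 0; r == 4 && feedForward && i < 16; i++ {
			s[i] ^= in[i] // step 3: XOR the original input back in
		}
	}
	return
}

func main() {
	// FIPS-197 Appendix C.1 vector: key 00 01 .. 0f, plaintext 00 11 .. ff.
	var key, in [16]byte
	for i := range key {
		key[i], in[i] = byte(i), byte(i*0x11)
	}
	fmt.Printf("feed-forward off (AES-128): %x\n", aesPRF(key, in, false)) // 69c4e0d86a7b0430d8cdb78070b4c55a
	fmt.Printf("feed-forward on  (AES-PRF): %x\n", aesPRF(key, in, true))
}
```

With feedForward set to false the function reproduces the FIPS-197 Appendix C.1 ciphertext, which validates the round code; the two outputs differ only because of the XOR after round 4.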

type Areion256

type Areion256 [32]byte

Areion256 represents a 256-bit (32-byte) state for the Areion256 permutation. Areion256 is a wide-block cryptographic permutation built from AES round functions, designed for hash functions and authenticated encryption. The state consists of two 128-bit AES blocks processed through 10 rounds. The permutation uses round constants derived from the digits of pi and is hardware-accelerated on platforms with AES-NI or ARM Crypto Extensions.

func (*Areion256) InversePermute

func (state *Areion256) InversePermute()

InversePermute applies the inverse of the Areion256 permutation in-place. This inverts the transformation performed by Permute, satisfying InversePermute(Permute(state)) == state. Like Permute, it automatically uses hardware acceleration when available.

func (*Areion256) Permute

func (state *Areion256) Permute()

Permute applies the 10-round Areion256 permutation in-place. The permutation transforms the 32-byte state using AES round functions and pi-based constants. Automatically uses hardware acceleration (AES-NI or ARM Crypto) when available, otherwise falls back to software implementation. The permutation is designed to be secure for cryptographic applications like hash functions and MACs.

type Areion512

type Areion512 [64]byte

Areion512 represents a 512-bit (64-byte) state for the Areion512 permutation. Areion512 is a wide-block cryptographic permutation providing higher throughput than Areion256 for large constructions. The state consists of four 128-bit AES blocks processed through 15 rounds. Like Areion256, it uses pi-based round constants and is hardware-accelerated on platforms with AES-NI or ARM Crypto.

func (*Areion512) InversePermute

func (state *Areion512) InversePermute()

InversePermute applies the inverse of the Areion512 permutation in-place. This inverts the transformation performed by Permute, satisfying InversePermute(Permute(state)) == state. Like Permute, it automatically uses hardware acceleration when available.

func (*Areion512) Permute

func (state *Areion512) Permute()

Permute applies the 15-round Areion512 permutation in-place. The permutation transforms the 64-byte state using AES round functions and pi-based constants, providing higher throughput than Areion256 for applications processing large amounts of data. Automatically uses hardware acceleration when available.

type Block

type Block [16]byte

Block represents a 128-bit AES block (16 bytes)

func DeoxysBC256Decrypt

func DeoxysBC256Decrypt(rk *DeoxysBC256RoundKeys, ciphertext *Block) Block

DeoxysBC256Decrypt decrypts a block using Deoxys-BC-256 (14 rounds).

func DeoxysBC256DecryptHW

func DeoxysBC256DecryptHW(rk *DeoxysBC256RoundKeysHW, ciphertext *Block) Block

DeoxysBC256DecryptHW decrypts using hardware-accelerated Deoxys-BC-256

func DeoxysBC256Encrypt

func DeoxysBC256Encrypt(rk *DeoxysBC256RoundKeys, plaintext *Block) Block

DeoxysBC256Encrypt encrypts a block using Deoxys-BC-256 (14 rounds).

func DeoxysBC256EncryptHW

func DeoxysBC256EncryptHW(rk *DeoxysBC256RoundKeys, plaintext *Block) Block

DeoxysBC256EncryptHW encrypts using hardware-accelerated Deoxys-BC-256

func DeoxysRoundConstant

func DeoxysRoundConstant(domain byte, roundNum int) Block

DeoxysRoundConstant generates a round constant with optional domain separation. Format: column 0 = [1,2,4,8], column 1 = [rc,rc,rc,rc], column 2 = [domain,domain,domain,domain]

func Haraka256ToBlock

func Haraka256ToBlock(input *[32]byte) Block

Haraka256ToBlock computes Haraka-256 and returns a single 16-byte block. This is a convenience function that takes only the first half of the output.

func Haraka512ToBlock

func Haraka512ToBlock(input *[64]byte) Block

Haraka512ToBlock computes Haraka-512 and returns a single 16-byte block. This is a convenience function that takes only the first half of the output.

type Block2

type Block2 [32]byte

Block2 represents two 128-bit AES blocks (32 bytes total) for parallel processing. Used with AVX2/VAES (256-bit vectors) or ARM Crypto Extensions to process two independent blocks simultaneously. Layout: [block0|block1] where each block is 16 bytes.

func (*Block2) GetBlock

func (b *Block2) GetBlock(i int) *Block

GetBlock returns a pointer to the i-th block (0 or 1) from a Block2. Panics if i is out of range. Uses unsafe pointer arithmetic for zero-overhead direct access.

func (*Block2) SetBlock

func (b *Block2) SetBlock(i int, block *Block)

SetBlock copies the provided block to the i-th position (0 or 1) in a Block2. Panics if i is out of range. Uses direct memory assignment for efficiency.

type Block4

type Block4 [64]byte

Block4 represents four 128-bit AES blocks (64 bytes total) for parallel processing. Used with AVX512/VAES (512-bit vectors) or ARM Crypto Extensions to process four independent blocks simultaneously. Layout: [block0|block1|block2|block3] where each block is 16 bytes.

func (*Block4) GetBlock

func (b *Block4) GetBlock(i int) *Block

GetBlock returns a pointer to the i-th block (0-3) from a Block4. Panics if i is out of range. Uses unsafe pointer arithmetic for zero-overhead direct access.

func (*Block4) SetBlock

func (b *Block4) SetBlock(i int, block *Block)

SetBlock copies the provided block to the i-th position (0-3) in a Block4. Panics if i is out of range. Uses direct memory assignment for efficiency.

type ButterKnifeContext

type ButterKnifeContext struct {
	// contains filtered or unexported fields
}

ButterKnifeContext holds pre-expanded tweakey for multiple ButterKnife evaluations

func NewButterKnifeContext

func NewButterKnifeContext(tweakey *Tweakey256) *ButterKnifeContext

NewButterKnifeContext creates a context with pre-expanded tweakey

func (*ButterKnifeContext) Eval

func (ctx *ButterKnifeContext) Eval(input *Block) *ButterKnifeOutput

Eval evaluates ButterKnife with the pre-expanded tweakey

type ButterKnifeContextHW

type ButterKnifeContextHW struct {
	// contains filtered or unexported fields
}

ButterKnifeContextHW holds pre-expanded tweakey for hardware-accelerated evaluation

func NewButterKnifeContextHW

func NewButterKnifeContextHW(tweakey *Tweakey256) *ButterKnifeContextHW

NewButterKnifeContextHW creates a context with pre-computed subtweakeys

func (*ButterKnifeContextHW) EvalHW

func (ctx *ButterKnifeContextHW) EvalHW(input *Block) *ButterKnifeOutput

EvalHW evaluates ButterKnife with hardware acceleration

type ButterKnifeOutput

type ButterKnifeOutput [8]Block

ButterKnifeOutput holds the 8 output branches (1024 bits total)

func ButterKnife

func ButterKnife(tweakey *Tweakey256, input *Block) *ButterKnifeOutput

ButterKnife computes the ButterKnife TPRF on input using the given tweakey. Input: a 128-bit block. Output: 1024 bits (8 × 128-bit blocks).

func ButterKnifeHW

func ButterKnifeHW(tweakey *Tweakey256, input *Block) *ButterKnifeOutput

ButterKnifeHW evaluates ButterKnife TPRF with hardware acceleration

type CPUFeatures

type CPUFeatures struct {
	HasAESNI     bool // Intel AES-NI instructions (AESENC/AESDEC)
	HasARMCrypto bool // ARM Crypto Extensions (AESE/AESD)
	HasVAES      bool // Vector AES instructions (VAESENC/VAESDEC)
	HasAVX2      bool // AVX2 support for 256-bit vectors (2 AES blocks with VAES)
	HasAVX512    bool // AVX512 support for 512-bit vectors (4 AES blocks with VAES)
}

CPUFeatures holds information about available CPU hardware acceleration features for AES operations. These flags are automatically detected at package initialization and used to select optimal implementations.

var CPU CPUFeatures

CPU holds the detected CPU features for the current processor. This variable is initialized automatically at package init time. Check these fields to determine which hardware acceleration is available.

type DeoxysBC256RoundKeys

type DeoxysBC256RoundKeys struct {
	STK [15]Block
}

DeoxysBC256RoundKeys holds the 15 precomputed subtweakeys for standard Deoxys-BC-256

func NewDeoxysBC256

func NewDeoxysBC256(tweakey *Tweakey256) *DeoxysBC256RoundKeys

NewDeoxysBC256 expands a 256-bit tweakey into precomputed subtweakeys. Uses GF(2^8) multiplication for TK2 as per SUPERCOP reference.

type DeoxysBC256RoundKeysHW

type DeoxysBC256RoundKeysHW struct {
	DeoxysBC256RoundKeys
	// InvSTK holds InvMixColumns(STK[1..13]) for hardware-accelerated decryption.
	// InvSTK[i] corresponds to InvMixColumns(STK[i]) for i in 1..13.
	// InvSTK[0] and InvSTK[14] are unused (first and last rounds don't use InvMixColumns).
	InvSTK [15]Block
}

DeoxysBC256RoundKeysHW holds precomputed keys for hardware-accelerated Deoxys-BC-256. Includes both encryption keys (STK) and inverse keys (InvSTK) for decryption.

func NewDeoxysBC256HW

func NewDeoxysBC256HW(tweakey *Tweakey256) *DeoxysBC256RoundKeysHW

NewDeoxysBC256HW expands a 256-bit tweakey into precomputed subtweakeys for hardware-accelerated encryption and decryption. Includes inverse keys.

type DeoxysRoundTweakeys

type DeoxysRoundTweakeys struct {
	TK1 [17]Block
	TK2 [17]Block
}

DeoxysRoundTweakeys holds expanded tweakey states for domain-separated constructions

func DeoxysExpandTweakey256

func DeoxysExpandTweakey256(tweakey *Tweakey256) *DeoxysRoundTweakeys

DeoxysExpandTweakey256 expands a tweakey for domain-separated constructions. Returns 17 round tweakey states (indices 0-16) using LFSR2.

type Key2

type Key2 [32]byte

Key2 represents two 128-bit round keys (32 bytes total) for parallel processing. Each block in a Block2 can be processed with its corresponding key, enabling different keys per lane. Layout: [key0|key1] where each key is 16 bytes.

func (*Key2) GetKey

func (k *Key2) GetKey(i int) *Block

GetKey returns a pointer to the i-th key (0 or 1) from a Key2. Panics if i is out of range. Uses unsafe pointer arithmetic for zero-overhead direct access.

func (*Key2) SetKey

func (k *Key2) SetKey(i int, key *Block)

SetKey copies the provided key to the i-th position (0 or 1) in a Key2. Panics if i is out of range. Uses direct memory assignment for efficiency.

type Key4

type Key4 [64]byte

Key4 represents four 128-bit round keys (64 bytes total) for parallel processing. Each block in a Block4 can be processed with its corresponding key, enabling different keys per lane. Layout: [key0|key1|key2|key3] where each key is 16 bytes.

func (*Key4) GetKey

func (k *Key4) GetKey(i int) *Block

GetKey returns a pointer to the i-th key (0-3) from a Key4. Panics if i is out of range. Uses unsafe pointer arithmetic for zero-overhead direct access.

func (*Key4) SetKey

func (k *Key4) SetKey(i int, key *Block)

SetKey copies the provided key to the i-th position (0-3) in a Key4. Panics if i is out of range. Uses direct memory assignment for efficiency.

type KeySchedule

type KeySchedule struct {
	// contains filtered or unexported fields
}

KeySchedule holds the expanded round keys for AES encryption and decryption. A key schedule is created from a cipher key and contains all the per-round keys needed for AES operations. The number of rounds depends on the key size: 10 rounds for AES-128, 12 for AES-192, and 14 for AES-256.

func InverseKeySchedule

func InverseKeySchedule(encKS *KeySchedule) *KeySchedule

InverseKeySchedule creates a key schedule suitable for AES decryption from an encryption key schedule. This applies InvMixColumns to all middle round keys and reverses their order to match the "equivalent inverse cipher" form from FIPS-197. The first and last keys are copied as-is without InvMixColumns.

func NewKeySchedule

func NewKeySchedule(key []byte) (*KeySchedule, error)

NewKeySchedule creates a key schedule from a cipher key using the AES key expansion algorithm. Supported key sizes:

  • 16 bytes (AES-128): 10 rounds
  • 24 bytes (AES-192): 12 rounds
  • 32 bytes (AES-256): 14 rounds

Returns an error if the key length is invalid.

func (*KeySchedule) GetRoundKey

func (ks *KeySchedule) GetRoundKey(round int) *Block

GetRoundKey returns a pointer to the round key for the specified round number (0-based indexing). Round 0 is the initial key, and subsequent rounds are the expanded keys. Returns nil if the round number is out of range.

func (*KeySchedule) Rounds

func (ks *KeySchedule) Rounds() int

Rounds returns the number of AES rounds for this key schedule: 10 for AES-128, 12 for AES-192, or 14 for AES-256.

type KiasuContext

type KiasuContext struct {
	// contains filtered or unexported fields
}

KiasuContext holds the base key schedule for KIASU-BC encryption/decryption. For each encryption/decryption, a tweaked key schedule is created by XORing the base key schedule with the padded tweak.

func NewKiasuContext

func NewKiasuContext(key [16]byte) (*KiasuContext, error)

NewKiasuContext creates a new KIASU-BC context with the given 16-byte key. The key schedule is identical to AES-128.

func (*KiasuContext) KiasuDecrypt

func (ctx *KiasuContext) KiasuDecrypt(block [16]byte, tweak [8]byte) [16]byte

KiasuDecrypt decrypts a single 16-byte block using KIASU-BC. It creates tweaked round keys by XORing the base key schedule with the padded tweak, then performs standard AES-128 decryption using optimized multi-round functions.

func (*KiasuContext) KiasuDecryptHW

func (ctx *KiasuContext) KiasuDecryptHW(block [16]byte, tweak [8]byte) [16]byte

KiasuDecryptHW decrypts a single 16-byte block using KIASU-BC with hardware acceleration. It uses hardware-accelerated multi-round AES functions when available.

func (*KiasuContext) KiasuEncrypt

func (ctx *KiasuContext) KiasuEncrypt(block [16]byte, tweak [8]byte) [16]byte

KiasuEncrypt encrypts a single 16-byte block using KIASU-BC. It creates tweaked round keys by XORing the base key schedule with the padded tweak, then performs standard AES-128 encryption using optimized multi-round functions.

func (*KiasuContext) KiasuEncryptHW

func (ctx *KiasuContext) KiasuEncryptHW(block [16]byte, tweak [8]byte) [16]byte

KiasuEncryptHW encrypts a single 16-byte block using KIASU-BC with hardware acceleration. It uses hardware-accelerated multi-round AES functions when available.

type PerBlockRoundKeys4_2

type PerBlockRoundKeys4_2 [2]RoundKeys4

PerBlockRoundKeys4_2 holds 4 round keys for each of 2 blocks

type PerBlockRoundKeys4_4

type PerBlockRoundKeys4_4 [4]RoundKeys4

PerBlockRoundKeys4_4 holds 4 round keys for each of 4 blocks

type PerBlockRoundKeys7_2

type PerBlockRoundKeys7_2 [2]RoundKeys7

PerBlockRoundKeys7_2 holds 7 round keys for each of 2 blocks

type PerBlockRoundKeys7_4

type PerBlockRoundKeys7_4 [4]RoundKeys7

PerBlockRoundKeys7_4 holds 7 round keys for each of 4 blocks

type PerBlockRoundKeys10_2

type PerBlockRoundKeys10_2 [2]RoundKeys10

PerBlockRoundKeys10_2 holds 10 round keys for each of 2 blocks

type PerBlockRoundKeys10_4

type PerBlockRoundKeys10_4 [4]RoundKeys10

PerBlockRoundKeys10_4 holds 10 round keys for each of 4 blocks

type PerBlockRoundKeys12_2

type PerBlockRoundKeys12_2 [2]RoundKeys12

PerBlockRoundKeys12_2 holds 12 round keys for each of 2 blocks

type PerBlockRoundKeys12_4

type PerBlockRoundKeys12_4 [4]RoundKeys12

PerBlockRoundKeys12_4 holds 12 round keys for each of 4 blocks

type PerBlockRoundKeys14_2

type PerBlockRoundKeys14_2 [2]RoundKeys14

PerBlockRoundKeys14_2 holds 14 round keys for each of 2 blocks

type PerBlockRoundKeys14_4

type PerBlockRoundKeys14_4 [4]RoundKeys14

PerBlockRoundKeys14_4 holds 14 round keys for each of 4 blocks

type Pholkos256Block

type Pholkos256Block [32]byte

Pholkos256Block represents a 256-bit (32-byte) Pholkos-256 block.

type Pholkos256Context

type Pholkos256Context struct {
	// contains filtered or unexported fields
}

Pholkos256Context holds precomputed round tweakeys for Pholkos-256 encryption.

func NewPholkos256Context

func NewPholkos256Context(key *Pholkos256Key, tweak *PholkosTweak) *Pholkos256Context

NewPholkos256Context creates a new Pholkos-256 context with precomputed round tweakeys.

func (*Pholkos256Context) Decrypt

func (ctx *Pholkos256Context) Decrypt(block *Pholkos256Block)

Decrypt decrypts a 256-bit block using the precomputed round tweakeys.

func (*Pholkos256Context) DecryptHW

func (ctx *Pholkos256Context) DecryptHW(block *Pholkos256Block)

DecryptHW decrypts using hardware acceleration if available.

func (*Pholkos256Context) Encrypt

func (ctx *Pholkos256Context) Encrypt(block *Pholkos256Block)

Encrypt encrypts a 256-bit block using the precomputed round tweakeys.

func (*Pholkos256Context) EncryptHW

func (ctx *Pholkos256Context) EncryptHW(block *Pholkos256Block)

EncryptHW encrypts using hardware acceleration if available.

func (*Pholkos256Context) Retweak

func (ctx *Pholkos256Context) Retweak(key *Pholkos256Key, tweak *PholkosTweak)

Retweak updates only the tweak-dependent parts of the round tweakeys.

func (*Pholkos256Context) Schedule

func (ctx *Pholkos256Context) Schedule(key *Pholkos256Key, tweak *PholkosTweak)

Schedule computes the round tweakeys from the key and tweak.

type Pholkos256Key

type Pholkos256Key [32]byte

Pholkos256Key represents a 256-bit (32-byte) key for Pholkos-256 or Pholkos-512-256.

type Pholkos512Block

type Pholkos512Block [64]byte

Pholkos512Block represents a 512-bit (64-byte) Pholkos-512 block.

type Pholkos512Context

type Pholkos512Context struct {
	// contains filtered or unexported fields
}

Pholkos512Context holds precomputed round tweakeys for Pholkos-512 encryption.

func NewPholkos512Context

func NewPholkos512Context(key *Pholkos256Key, tweak *PholkosTweak) *Pholkos512Context

NewPholkos512Context creates a new Pholkos-512 context with a 256-bit key.

func NewPholkos512Context512

func NewPholkos512Context512(key *Pholkos512Key, tweak *PholkosTweak) *Pholkos512Context

NewPholkos512Context512 creates a new Pholkos-512 context with a 512-bit key.

func (*Pholkos512Context) Decrypt

func (ctx *Pholkos512Context) Decrypt(block *Pholkos512Block)

Decrypt decrypts a 512-bit block using the precomputed round tweakeys.

func (*Pholkos512Context) DecryptHW

func (ctx *Pholkos512Context) DecryptHW(block *Pholkos512Block)

DecryptHW decrypts using hardware acceleration if available.

func (*Pholkos512Context) Encrypt

func (ctx *Pholkos512Context) Encrypt(block *Pholkos512Block)

Encrypt encrypts a 512-bit block using the precomputed round tweakeys.

func (*Pholkos512Context) EncryptHW

func (ctx *Pholkos512Context) EncryptHW(block *Pholkos512Block)

EncryptHW encrypts using hardware acceleration if available.

func (*Pholkos512Context) Schedule256

func (ctx *Pholkos512Context) Schedule256(key *Pholkos256Key, tweak *PholkosTweak)

Schedule256 computes round tweakeys from a 256-bit key and tweak.

func (*Pholkos512Context) Schedule512

func (ctx *Pholkos512Context) Schedule512(key *Pholkos512Key, tweak *PholkosTweak)

Schedule512 computes round tweakeys from a 512-bit key and tweak.

type Pholkos512Key

type Pholkos512Key [64]byte

Pholkos512Key represents a 512-bit (64-byte) key for Pholkos-512-512.

type PholkosTweak

type PholkosTweak [16]byte

PholkosTweak represents a 128-bit (16-byte) tweak.

type RoundKeys4

type RoundKeys4 [4]Block // 4 round keys for 4 rounds

RoundKeys types for multi-round operations

type RoundKeys6

type RoundKeys6 [6]Block // 6 round keys for 6 rounds (5 full + 1 final)

RoundKeys types for multi-round operations

type RoundKeys7

type RoundKeys7 [7]Block // 7 round keys for 7 rounds

RoundKeys types for multi-round operations

type RoundKeys10

type RoundKeys10 [10]Block // 10 round keys for 10 rounds

RoundKeys types for multi-round operations

type RoundKeys12

type RoundKeys12 [12]Block // 12 round keys for 12 rounds

RoundKeys types for multi-round operations

type RoundKeys14

type RoundKeys14 [14]Block // 14 round keys for 14 rounds

RoundKeys types for multi-round operations

type Tweakey256

type Tweakey256 [32]byte

Tweakey256 represents a 256-bit tweakey (key || tweak, each 128 bits)

Directories

Path Synopsis
examples
cymric
Package cymric implements Cymric1 and Cymric2 lightweight authenticated encryption.
