diff options
author | Jakob Unterwurzacher | 2021-09-03 17:19:12 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2021-09-07 18:14:05 +0200 |
commit | d9e89cd0210b1d8a1c9cbb33c77013211dfc1ffd (patch) | |
tree | 43af4dbe383eb012e006116517cdfe036765e281 /internal | |
parent | 69d626b26f5a3f55c752b59af44710b992e2ab76 (diff) |
stupidgcm: use aead_seal for gcm as well
$ benchstat old.txt new.txt
name old time/op new time/op delta
StupidGCM-4 7.87µs ± 1% 6.64µs ± 2% -15.65% (p=0.000 n=10+10)
name old speed new speed delta
StupidGCM-4 520MB/s ± 1% 617MB/s ± 2% +18.56% (p=0.000 n=10+10)
Diffstat (limited to 'internal')
-rw-r--r-- | internal/stupidgcm/stupidgcm.go | 69 |
1 files changed, 12 insertions, 57 deletions
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go index 3499c85..46b6b86 100644 --- a/internal/stupidgcm/stupidgcm.go +++ b/internal/stupidgcm/stupidgcm.go @@ -5,6 +5,7 @@ package stupidgcm // #include <openssl/evp.h> +// #include "chacha.h" // #cgo pkg-config: libcrypto import "C" @@ -76,63 +77,17 @@ func (g *StupidGCM) Seal(dst, iv, in, authData []byte) []byte { buf = make([]byte, outLen) } - // https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode - - // Create scratch space "context" - ctx := C.EVP_CIPHER_CTX_new() - if ctx == nil { - log.Panic("EVP_CIPHER_CTX_new failed") - } - - // Set cipher to AES-256 - if C.EVP_EncryptInit_ex(ctx, C.EVP_aes_256_gcm(), nil, nil, nil) != 1 { - log.Panic("EVP_EncryptInit_ex I failed") - } - - // Use 16-byte IV - if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_IVLEN, ivLen, nil) != 1 { - log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN failed") - } - - // Set key and IV - if C.EVP_EncryptInit_ex(ctx, nil, nil, (*C.uchar)(&g.key[0]), (*C.uchar)(&iv[0])) != 1 { - log.Panic("EVP_EncryptInit_ex II failed") - } - - // Provide authentication data - var resultLen C.int - if C.EVP_EncryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 { - log.Panic("EVP_EncryptUpdate authData failed") - } - if int(resultLen) != len(authData) { - log.Panicf("Unexpected length %d", resultLen) - } - - // Encrypt "in" into "buf" - if C.EVP_EncryptUpdate(ctx, (*C.uchar)(&buf[0]), &resultLen, (*C.uchar)(&in[0]), C.int(len(in))) != 1 { - log.Panic("EVP_EncryptUpdate failed") - } - if int(resultLen) != len(in) { - log.Panicf("Unexpected length %d", resultLen) - } - - // Finalise encryption - // Because GCM is a stream encryption, this will not write out any data. - dummy := make([]byte, 16) - if C.EVP_EncryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen) != 1 { - log.Panic("EVP_EncryptFinal_ex failed") - } - if resultLen != 0 { - log.Panicf("Unexpected length %d", resultLen) - } - - // Get GMAC tag and append it to the ciphertext in "buf" - if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_GET_TAG, tagLen, (unsafe.Pointer)(&buf[len(in)])) != 1 { - log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_GET_TAG failed") - } - - // Free scratch space - C.EVP_CIPHER_CTX_free(ctx) + C.aead_seal(C.aeadTypeGcm, + (*C.uchar)(&in[0]), + C.int(len(in)), + (*C.uchar)(&authData[0]), + C.int(len(authData)), + (*C.uchar)(&g.key[0]), + C.int(len(g.key)), + (*C.uchar)(&iv[0]), + C.int(len(iv)), + (*C.uchar)(&buf[0]), + C.int(len(buf))) if inplace { return dst[:len(dst)+outLen] |