From 779a850e0fb967aac79124c7e18b14706d5f2652 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 25 Feb 2025 15:03:50 +0100
Subject: Add optional support for AEGIS encryption

AEGIS is a new family of authenticated encryption algorithms that offers
stronger security, higher usage limits, and better performance than AES-GCM.

This pull request adds support for a new `-aegis` command-line flag, allowing
AEGIS-128X2 to be used as an alternative to AES-GCM on CPUs with AES acceleration.

It also introduces the ability to use ciphers with different key sizes.

More information on AEGIS is available here:
- https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.html
- https://github.com/cfrg/draft-irtf-cfrg-aegis-aead

gocryptfs -speed speed on Apple M1:

AES-GCM-256-OpenSSL              3718.79 MB/s
AES-GCM-256-Go                   5083.43 MB/s   (selected in auto mode)
AES-SIV-512-Go                    625.20 MB/s
XChaCha20-Poly1305-OpenSSL       1358.63 MB/s   (selected in auto mode)
XChaCha20-Poly1305-Go             832.11 MB/s
Aegis128X2-Go                   11818.73 MB/s

gocryptfs -speed speed on AMD Zen 4:

AES-GCM-256-OpenSSL              5215.86 MB/s
AES-GCM-256-Go                   6918.01 MB/s   (selected in auto mode)
AES-SIV-512-Go                    449.61 MB/s
XChaCha20-Poly1305-OpenSSL       2643.48 MB/s
XChaCha20-Poly1305-Go            3727.46 MB/s   (selected in auto mode)
Aegis128X2-Go                   28109.92 MB/s
---
 internal/contentenc/content_test.go | 9 ++++++---
 internal/contentenc/offsets_test.go | 3 ++-
 2 files changed, 8 insertions(+), 4 deletions(-)

(limited to 'internal/contentenc')

diff --git a/internal/contentenc/content_test.go b/internal/contentenc/content_test.go
index b20ccb1..2a34307 100644
--- a/internal/contentenc/content_test.go
+++ b/internal/contentenc/content_test.go
@@ -22,7 +22,8 @@ func TestSplitRange(t *testing.T) {
 		{6654, 8945},
 	}
 
-	key := make([]byte, cryptocore.KeyLen)
+	keyLen := cryptocore.BackendGoGCM.KeyLen
+	key := make([]byte, keyLen)
 	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
 	f := New(cc, DefaultBS)
 
@@ -50,7 +51,8 @@ func TestCiphertextRange(t *testing.T) {
 		{6654, 8945},
 	}
 
-	key := make([]byte, cryptocore.KeyLen)
+	keyLen := cryptocore.BackendGoGCM.KeyLen
+	key := make([]byte, keyLen)
 	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
 	f := New(cc, DefaultBS)
 
@@ -73,7 +75,8 @@ func TestCiphertextRange(t *testing.T) {
 }
 
 func TestBlockNo(t *testing.T) {
-	key := make([]byte, cryptocore.KeyLen)
+	keyLen := cryptocore.BackendGoGCM.KeyLen
+	key := make([]byte, keyLen)
 	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
 	f := New(cc, DefaultBS)
 
diff --git a/internal/contentenc/offsets_test.go b/internal/contentenc/offsets_test.go
index b35964a..0118c5e 100644
--- a/internal/contentenc/offsets_test.go
+++ b/internal/contentenc/offsets_test.go
@@ -9,7 +9,8 @@ import (
 
 // TestSizeToSize tests CipherSizeToPlainSize and PlainSizeToCipherSize
 func TestSizeToSize(t *testing.T) {
-	key := make([]byte, cryptocore.KeyLen)
+	keyLen := cryptocore.BackendGoGCM.KeyLen
+	key := make([]byte, keyLen)
 	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
 	ce := New(cc, DefaultBS)
 
-- 
cgit v1.2.3