aez

v0.0.0-...-e49e68a

Published: Oct 27, 2021 License: CC0-1.0 Imports: 8 Imported by: 0

README

aez - AEZ (Duh)

Yawning Angel (yawning at schwanenlied dot me)

This is an implementation of AEZ, primarily based on the reference code. It appears to be correct and the output matches test vectors.

Features:

  • Constant time, always.
  • Will use AES-NI if available on AMD64.
  • Unlike the aesni code, supports a vector of AD, nbytes > 16, and tau > 16.

Benchmarks:

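| Version | Message Size | ns/op | MB/s |
|---|---|---|---|
| aesni | 1 | 2430 | 0.41 |
| | 32 | 2161 | 14.80 |
| | 512 | 2491 | 205.51 |
| | 1024 | 2608 | 392.52 |
| | 2048 | 2922 | 700.74 |
| | 4096 | 3669 | 1116.12 |
| | 8192 | 5096 | 1607.43 |
| | 16384 | 7892 | 2075.93 |
| | 32768 | 13214 | 2479.65 |
| | 65536 | 24416 | 2684.11 |
| | 1024768 | 381778 | 2684.20 |
| ct64 (no-asm) | 1 | 7185 | 0.14 |
| | 32 | 9081 | 3.52 |
| | 512 | 26117 | 19.60 |
| | 1024 | 40259 | 25.43 |
| | 2048 | 67867 | 30.18 |
| | 4096 | 124411 | 32.92 |
| | 8192 | 241456 | 33.93 |
| | 16394 | 462033 | 35.46 |
| | 32768 | 914127 | 35.85 |
| | 65536 | 1804397 | 36.32 |
| | 1024768 | 27380841 | 37.43 |
| ct32 (no-asm) | 1 | 6482 | 0.15 |
| | 32 | 8673 | 3.69 |
| | 512 | 26926 | 19.01 |
| | 1024 | 45842 | 22.34 |
| | 2048 | 83350 | 24.57 |
| | 4096 | 159436 | 25.69 |
| | 8192 | 322488 | 25.40 |
| | 16394 | 618034 | 26.51 |
| | 32768 | 1200462 | 27.30 |
| | 65536 | 2366829 | 27.69 |
| | 1024768 | 37128937 | 27.60 |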

All numbers taken on an Intel i7-5600U with Turbo Boost disabled, running on linux/amd64. A 16 byte authenticator (tau) and no AD was used for each test. Even on systems without AES-NI certain operations are done using SSE2 (eg: XORs), but for the purposes of benchmarking this was disabled for the ct64/ct32 tests.

Documentation

Overview

Package aez implements the AEZ AEAD primitive.

See: http://web.cs.ucdavis.edu/~rogaway/aez/

Constants

const (
	// Version is the version of the AEZ specification implemented.
	Version = "v5"
)

Variables

This section is empty.

Functions

func Decrypt

func Decrypt(key []byte, nonce []byte, additionalData [][]byte, tau int, ciphertext, dst []byte) ([]byte, bool)

Decrypt decrypts and authenticates the ciphertext, authenticates the additional data, and if successful appends the resulting plaintext to the provided slice and returns the updated slice and true. The length of the expected authentication tag in bytes is specified by tau. The ciphertext and dst slices MUST NOT overlap.

func Encrypt

func Encrypt(key []byte, nonce []byte, additionalData [][]byte, tau int, plaintext, dst []byte) []byte

Encrypt encrypts and authenticates the plaintext, authenticates the additional data, and appends the result to dst, returning the updated slice. The length of the authentication tag in bytes is specified by tau. The plaintext and dst slices MUST NOT overlap.

func IsHardwareAccelerated

func IsHardwareAccelerated() bool

IsHardwareAccelerated returns true iff the AEZ implementation will use hardware acceleration (eg: AES-NI).

func New

func New(key []byte) (cipher.AEAD, error)

New returns AEZ wrapped in a new cipher.AEAD instance, with the recommended nonce and tag lengths.

Types

type AeadAEZ

type AeadAEZ struct {
	// contains filtered or unexported fields
}

AeadAEZ is AEZ wrapped in the crypto/cipher.AEAD interface. It expects a 16 byte nonce, and uses a 16 byte tag, per the recommended defaults in the specification.

The AEZ primitive itself supports a vector of authenticated data, variable length nonces, and variable length authentication tags. Users who require such functionality should investigate the one-shot Encrypt/Decrypt calls instead.

func (*AeadAEZ) NonceSize

func (a *AeadAEZ) NonceSize() int

NonceSize returns the size of the nonce that must be passed to Seal and Open.

func (*AeadAEZ) Open

func (a *AeadAEZ) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error)

Open decrypts and authenticates ciphertext, authenticates the additional data and, if successful, appends the resulting plaintext to dst, returning the updated slice. The nonce must be NonceSize() bytes long and both it and the additional data must match the value passed to Seal.

func (*AeadAEZ) Overhead

func (a *AeadAEZ) Overhead() int

Overhead returns the maximum difference between the lengths of a plaintext and its ciphertext.

func (*AeadAEZ) Reset

func (a *AeadAEZ) Reset()

Reset clears the sensitive keying material from the data structure such that it will no longer be in memory.

func (*AeadAEZ) Seal

func (a *AeadAEZ) Seal(dst, nonce, plaintext, additionalData []byte) []byte

Seal encrypts and authenticates plaintext, authenticates the additional data and appends the result to dst, returning the updated slice. The nonce must be NonceSize() bytes long.

The nonce should additionally be unique for all time for a given key. However, the AEZ primitive does provide nonce-reuse misuse-resistance (MRAE); see the paper for more details.
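
The Seal/Open contract above (nonce of NonceSize() bytes, matching additional data, dst not overlapping the input), as an added example that is not part of this package's own code. It is written against the crypto/cipher.AEAD interface, so the value returned by New(key) can be passed in directly. Assumptions: this page does not give the module's import path, so the runnable demo substitutes the standard library's AES-GCM, which has no nonce-reuse misuse-resistance; demoAEAD, sealMessage and openMessage are hypothetical helper names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// demoAEAD is a stand-in (assumption): AES-256-GCM from the standard library.
// Replace it with the cipher.AEAD returned by this package's New(key).
func demoAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealMessage returns nonce || ciphertext+tag using a fresh random nonce.
func sealMessage(aead cipher.AEAD, plaintext, ad []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// dst is a separate buffer, so it never overlaps plaintext.
	dst := append(make([]byte, 0, len(nonce)+len(plaintext)+aead.Overhead()), nonce...)
	return aead.Seal(dst, nonce, plaintext, ad), nil
}

// openMessage splits off the nonce and authenticates ciphertext and ad.
func openMessage(aead cipher.AEAD, msg, ad []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(msg) < n+aead.Overhead() {
		return nil, errors.New("message shorter than nonce plus tag")
	}
	return aead.Open(nil, msg[:n], msg[n:], ad)
}

func main() {
	aead, err := demoAEAD(make([]byte, 32)) // constructed all-zero demo key
	if err != nil {
		panic(err)
	}
	msg, _ := sealMessage(aead, []byte("constructed sample"), []byte("hdr"))
	_, err = openMessage(aead, msg, []byte("other-hdr"))
	fmt.Println(len(msg), err != nil)
}
```
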
