seed

seed

This package is an implements SEED encryption with Go. The original source is here.

What is SEED

SEED is a block cipher developed by the Korea Internet & Security Agency (KISA). It is used broadly throughout South Korean industry, but seldom found elsewhere. It gained popularity in Korea because 40-bit encryption was not considered strong enough, so the Korea Information Security Agency developed its own standard. However, this decision has historically limited the competition of web browsers in Korea, as no major SSL libraries or web browsers supported the SEED algorithm, requiring users to use an ActiveX control in Internet Explorer for secure web sites.

On April 1, 2015 the Ministry of Science, ICT and Future Planning (MSIP) announced its plan to remove the ActiveX dependency from at least 90 percent of the country's top 100 websites by 2017. Instead, HTML5-based technologies will be employed as they operate on many platforms, including mobile devices. Starting with the private sector, the ministry plans to expand this further to ultimately remove this dependency from public websites as well.

Read more from Wikipedia

Disclaimer

Currently, only 128-bit encryption is supported. 256-bit encryption is under preparation.

Would you contribute?

Example

package main

import (
    "crypto/cipher"
    "crypto/rand"
    "encoding/base64"
    "errors"
    "fmt"
    "io"

    "github.com/geeksbaek/seed"
)

func main() {
    cipherKey := []byte("0123456789012345")
    msg := "A quick brown fox jumped over the lazy dog."

    encrypted, err := encrypt(cipherKey, msg)
    if err != nil {
        panic(err)
    }

    fmt.Printf("CIPHER KEY: %s\n", cipherKey)
    fmt.Printf("ENCRYPTED: %s\n", encrypted)

    decrypted, err := decrypt(cipherKey, encrypted)
    if err != nil {
        panic(err)
    }

    fmt.Printf("DECRYPTED: %s\n", decrypted)

    if msg != decrypted {
        panic("do not match msg and decrypted")
    }

    // CIPHER KEY: 0123456789012345
    // ENCRYPTED: 9VzqUQJh1JWmboAw_tfzzbHdaI8_53NHhBTFoNFPiPn4fqe_G44K0xQpYRyqRWAIp9ao-6OnTkJCh08=
    // DECRYPTED: A quick brown fox jumped over the lazy dog.
}

func encrypt(key []byte, message string) (encmess string, err error) {
    plainText := []byte(message)

    block, err := seed.NewCipher(key)
    if err != nil {
        return
    }

    // IV needs to be unique, but doesn't have to be secure.
    // It's common to put it at the beginning of the ciphertext.
    cipherText := make([]byte, seed.BlockSize+len(plainText))
    iv := cipherText[:seed.BlockSize]
    if _, err = io.ReadFull(rand.Reader, iv); err != nil {
        return
    }

    stream := cipher.NewCFBEncrypter(block, iv)
    stream.XORKeyStream(cipherText[seed.BlockSize:], plainText)

    // returns to base64 encoded string
    encmess = base64.URLEncoding.EncodeToString(cipherText)
    return
}

func decrypt(key []byte, securemess string) (decodedmess string, err error) {
    cipherText, err := base64.URLEncoding.DecodeString(securemess)
    if err != nil {
        return
    }

    block, err := seed.NewCipher(key)
    if err != nil {
        return
    }

    if len(cipherText) < seed.BlockSize {
        err = errors.New("Ciphertext block size is too short")
        return
    }

    // IV needs to be unique, but doesn't have to be secure.
    // It's common to put it at the beginning of the ciphertext.
    iv := cipherText[:seed.BlockSize]
    cipherText = cipherText[seed.BlockSize:]

    stream := cipher.NewCFBDecrypter(block, iv)
    // XORKeyStream can work in-place if the two arguments are the same.
    stream.XORKeyStream(cipherText, cipherText)

    decodedmess = string(cipherText)
    return
}

Benchmark

It is a benchmark against the aes algorithm on laptops with i5-8250u.

goos: windows
goarch: amd64
pkg: github.com/geeksbaek/seed
BenchmarkAESGCMSeal1K-8                  3000000               385 ns/op        2654.00 MB/s
BenchmarkSEED128GCMSeal1K-8                50000             27950 ns/op          36.64 MB/s
BenchmarkAESGCMOpen1K-8                  5000000               325 ns/op        3146.80 MB/s
BenchmarkSEED128GCMOpen1K-8                50000             27960 ns/op          36.62 MB/s
BenchmarkAESGCMSign8K-8                  1000000              1179 ns/op        6945.05 MB/s
BenchmarkSEED128GCMSign8K-8                30000             44199 ns/op         185.34 MB/s
BenchmarkAESGCMSeal8K-8                  1000000              2095 ns/op        3909.31 MB/s
BenchmarkSEED128GCMSeal8K-8                10000            234199 ns/op          34.98 MB/s
BenchmarkAESGCMOpen8K-8                  1000000              2272 ns/op        3604.85 MB/s
BenchmarkSEED128GCMOpen8K-8                 5000            247400 ns/op          33.11 MB/s
BenchmarkAESCFBEncrypt1K-8                500000              2658 ns/op         383.37 MB/s
BenchmarkSEED128CFBEncrypt1K-8             50000             24310 ns/op          41.92 MB/s
BenchmarkAESCFBDecrypt1K-8                500000              2644 ns/op         385.26 MB/s
BenchmarkSEED128CFBDecrypt1K-8             50000             24579 ns/op          41.46 MB/s
BenchmarkAESOFB1K-8                      1000000              1795 ns/op         567.69 MB/s
BenchmarkSEED128OFB1K-8                    50000             26129 ns/op          39.00 MB/s
BenchmarkAESCTR1K-8                      1000000              1800 ns/op         565.80 MB/s
BenchmarkSEED128CTR1K-8                    50000             22810 ns/op          44.67 MB/s
BenchmarkAESCBCEncrypt1K-8                500000              2542 ns/op         402.67 MB/s
BenchmarkSEED128CBCEncrypt1K-8             50000             26059 ns/op          39.29 MB/s
BenchmarkAESCBCDecrypt1K-8               1000000              2008 ns/op         509.95 MB/s
BenchmarkSEED128CBCDecrypt1K-8             50000             24119 ns/op          42.45 MB/s
PASS
ok      github.com/geeksbaek/seed    36.862s