stupidgcm

package

v1.4.5 Latest Latest Go to latest Published: Apr 5, 2021 License: AGPL-3.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Package stupidgcm is a thin wrapper for OpenSSL's GCM encryption and decryption functions. It only support 32-byte keys and 16-bit IVs.

View Source

const (
	// BuiltWithoutOpenssl indicates if openssl been disabled at compile-time
	BuiltWithoutOpenssl = false
)

View Source

var ErrAuth = fmt.Errorf("stupidgcm: message authentication failed")

ErrAuth is returned when the message authentication fails

func New(keyIn []byte, forceDecode bool) cipher.AEAD

New returns a new cipher.AEAD implementation..

func PreferOpenSSL() bool

PreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.

Go GCM is only faster if the CPU either:

Is X86_64 && has AES instructions && Go is v1.6 or higher
Is ARM64 && has AES instructions && Go is v1.11 or higher (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)

type StupidGCM struct {
	// contains filtered or unexported fields
}

StupidGCM implements the cipher.AEAD interface

func (g *StupidGCM) NonceSize() int

NonceSize returns the required size of the nonce / IV.

func (g *StupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error)

Open decrypts "in" using "iv" and "authData" and append the result to "dst"

func (g *StupidGCM) Overhead() int

Overhead returns the number of bytes that are added for authentication.

func (g *StupidGCM) Seal(dst, iv, in, authData []byte) []byte

Seal encrypts "in" using "iv" and "authData" and append the result to "dst"

func (g *StupidGCM) Wipe()

Wipe tries to wipe the AES key from memory by overwriting it with zeros and setting the reference to nil.

This is not bulletproof due to possible GC copies, but still raises to bar for extracting the key.