Example #1
0
// Seal encrypts and authenticates plaintext, authenticates the
// additional data and appends the result to dst, returning the updated
// slice. opensslGCM supports any nonce size.
func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {

	// Preallocate output buffer
	var cipherBuf bytes.Buffer
	cipherBuf.Grow(len(dst) + len(plaintext) + AUTH_TAG_LEN)
	// Output will be appended to dst
	cipherBuf.Write(dst)

	ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
	if err != nil {
		panic(err)
	}
	err = ectx.ExtraData(data)
	if err != nil {
		panic(err)
	}
	part, err := ectx.EncryptUpdate(plaintext)
	if err != nil {
		panic(err)
	}
	cipherBuf.Write(part)
	part, err = ectx.EncryptFinal()
	if err != nil {
		panic(err)
	}
	cipherBuf.Write(part)
	part, err = ectx.GetTag()
	if err != nil {
		panic(err)
	}
	cipherBuf.Write(part)

	return cipherBuf.Bytes()
}
Example #2
0
func BenchmarkOpensslEnc4K(b *testing.B) {
	buf := make([]byte, 1024*4)
	b.SetBytes(int64(len(buf)))

	var key [cryptfs.KEY_LEN]byte
	var nonce [12]byte

	var ciphertext bytes.Buffer
	var part []byte

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		ciphertext.Reset()
		ectx, err := openssl.NewGCMEncryptionCipherCtx(cryptfs.KEY_LEN*8, nil, key[:], nonce[:])
		if err != nil {
			b.FailNow()
		}
		part, err = ectx.EncryptUpdate(buf)
		if err != nil {
			b.FailNow()
		}
		ciphertext.Write(part)
		part, err = ectx.EncryptFinal()
		if err != nil {
			b.FailNow()
		}
		ciphertext.Write(part)
		part, err = ectx.GetTag()
		if err != nil {
			b.FailNow()
		}
		ciphertext.Write(part)
	}
}
Example #3
0
// Seal encrypts and authenticates plaintext, authenticates the
// additional data and appends the result to dst, returning the updated
// slice. The nonce must be NonceSize() bytes long and unique for all
// time, for a given key.
func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {

	cipherBuf := bytes.NewBuffer(dst)

	ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
	if err != nil {
		panic(err)
	}
	err = ectx.ExtraData(data)
	if err != nil {
		panic(err)
	}
	part, err := ectx.EncryptUpdate(plaintext)
	if err != nil {
		panic(err)
	}
	cipherBuf.Write(part)
	part, err = ectx.EncryptFinal()
	if err != nil {
		panic(err)
	}
	cipherBuf.Write(part)
	part, err = ectx.GetTag()
	if err != nil {
		panic(err)
	}
	cipherBuf.Write(part)

	return cipherBuf.Bytes()
}
Example #4
0
func makeOpensslCiphertext() []byte {
	buf := make([]byte, 1024*4)
	var key [cryptfs.KEY_LEN]byte
	var nonce [12]byte
	var ciphertext bytes.Buffer
	var part []byte

	ectx, _ := openssl.NewGCMEncryptionCipherCtx(cryptfs.KEY_LEN*8, nil, key[:], nonce[:])
	part, _ = ectx.EncryptUpdate(buf)
	ciphertext.Write(part)
	part, _ = ectx.EncryptFinal()
	ciphertext.Write(part)
	part, _ = ectx.GetTag()
	ciphertext.Write(part)

	return ciphertext.Bytes()
}