// Seal encrypts and authenticates plaintext, authenticates the // additional data and appends the result to dst, returning the updated // slice. opensslGCM supports any nonce size. func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte { // Preallocate output buffer var cipherBuf bytes.Buffer cipherBuf.Grow(len(dst) + len(plaintext) + AUTH_TAG_LEN) // Output will be appended to dst cipherBuf.Write(dst) ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce) if err != nil { panic(err) } err = ectx.ExtraData(data) if err != nil { panic(err) } part, err := ectx.EncryptUpdate(plaintext) if err != nil { panic(err) } cipherBuf.Write(part) part, err = ectx.EncryptFinal() if err != nil { panic(err) } cipherBuf.Write(part) part, err = ectx.GetTag() if err != nil { panic(err) } cipherBuf.Write(part) return cipherBuf.Bytes() }
func BenchmarkOpensslEnc4K(b *testing.B) { buf := make([]byte, 1024*4) b.SetBytes(int64(len(buf))) var key [cryptfs.KEY_LEN]byte var nonce [12]byte var ciphertext bytes.Buffer var part []byte b.ResetTimer() for i := 0; i < b.N; i++ { ciphertext.Reset() ectx, err := openssl.NewGCMEncryptionCipherCtx(cryptfs.KEY_LEN*8, nil, key[:], nonce[:]) if err != nil { b.FailNow() } part, err = ectx.EncryptUpdate(buf) if err != nil { b.FailNow() } ciphertext.Write(part) part, err = ectx.EncryptFinal() if err != nil { b.FailNow() } ciphertext.Write(part) part, err = ectx.GetTag() if err != nil { b.FailNow() } ciphertext.Write(part) } }
// Seal encrypts and authenticates plaintext, authenticates the // additional data and appends the result to dst, returning the updated // slice. The nonce must be NonceSize() bytes long and unique for all // time, for a given key. func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte { cipherBuf := bytes.NewBuffer(dst) ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce) if err != nil { panic(err) } err = ectx.ExtraData(data) if err != nil { panic(err) } part, err := ectx.EncryptUpdate(plaintext) if err != nil { panic(err) } cipherBuf.Write(part) part, err = ectx.EncryptFinal() if err != nil { panic(err) } cipherBuf.Write(part) part, err = ectx.GetTag() if err != nil { panic(err) } cipherBuf.Write(part) return cipherBuf.Bytes() }
func makeOpensslCiphertext() []byte { buf := make([]byte, 1024*4) var key [cryptfs.KEY_LEN]byte var nonce [12]byte var ciphertext bytes.Buffer var part []byte ectx, _ := openssl.NewGCMEncryptionCipherCtx(cryptfs.KEY_LEN*8, nil, key[:], nonce[:]) part, _ = ectx.EncryptUpdate(buf) ciphertext.Write(part) part, _ = ectx.EncryptFinal() ciphertext.Write(part) part, _ = ectx.GetTag() ciphertext.Write(part) return ciphertext.Bytes() }