// Seal encrypts and authenticates plaintext, authenticates the
// additional data and appends the result to dst, returning the updated
// slice. opensslGCM supports any nonce size.
func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
// Preallocate output buffer
var cipherBuf bytes.Buffer
cipherBuf.Grow(len(dst) + len(plaintext) + AUTH_TAG_LEN)
// Output will be appended to dst
cipherBuf.Write(dst)
ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
if err != nil {
panic(err)
}
err = ectx.ExtraData(data)
if err != nil {
panic(err)
}
part, err := ectx.EncryptUpdate(plaintext)
if err != nil {
panic(err)
}
cipherBuf.Write(part)
part, err = ectx.EncryptFinal()
if err != nil {
panic(err)
}
cipherBuf.Write(part)
part, err = ectx.GetTag()
if err != nil {
panic(err)
}
cipherBuf.Write(part)
return cipherBuf.Bytes()
}
func BenchmarkOpensslEnc4K(b *testing.B) {
buf := make([]byte, 1024*4)
b.SetBytes(int64(len(buf)))
var key [cryptfs.KEY_LEN]byte
var nonce [12]byte
var ciphertext bytes.Buffer
var part []byte
b.ResetTimer()
for i := 0; i < b.N; i++ {
ciphertext.Reset()
ectx, err := openssl.NewGCMEncryptionCipherCtx(cryptfs.KEY_LEN*8, nil, key[:], nonce[:])
if err != nil {
b.FailNow()
}
part, err = ectx.EncryptUpdate(buf)
if err != nil {
b.FailNow()
}
ciphertext.Write(part)
part, err = ectx.EncryptFinal()
if err != nil {
b.FailNow()
}
ciphertext.Write(part)
part, err = ectx.GetTag()
if err != nil {
b.FailNow()
}
ciphertext.Write(part)
}
}
// Seal encrypts and authenticates plaintext, authenticates the
// additional data and appends the result to dst, returning the updated
// slice. The nonce must be NonceSize() bytes long and unique for all
// time, for a given key.
func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
cipherBuf := bytes.NewBuffer(dst)
ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
if err != nil {
panic(err)
}
err = ectx.ExtraData(data)
if err != nil {
panic(err)
}
part, err := ectx.EncryptUpdate(plaintext)
if err != nil {
panic(err)
}
cipherBuf.Write(part)
part, err = ectx.EncryptFinal()
if err != nil {
panic(err)
}
cipherBuf.Write(part)
part, err = ectx.GetTag()
if err != nil {
panic(err)
}
cipherBuf.Write(part)
return cipherBuf.Bytes()
}
func makeOpensslCiphertext() []byte {
buf := make([]byte, 1024*4)
var key [cryptfs.KEY_LEN]byte
var nonce [12]byte
var ciphertext bytes.Buffer
var part []byte
ectx, _ := openssl.NewGCMEncryptionCipherCtx(cryptfs.KEY_LEN*8, nil, key[:], nonce[:])
part, _ = ectx.EncryptUpdate(buf)
ciphertext.Write(part)
part, _ = ectx.EncryptFinal()
ciphertext.Write(part)
part, _ = ectx.GetTag()
ciphertext.Write(part)
return ciphertext.Bytes()
}