Exemplo n.º 1
0
// Open decrypts and authenticates ciphertext, authenticates the
// additional data and, if successful, appends the resulting plaintext
// to dst, returning the updated slice. The nonce must be NonceSize()
// bytes long and both it and the additional data must match the
// value passed to Seal.
//
// The ciphertext and dst may alias exactly or not at all.
func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {

	l := len(ciphertext)
	tag := ciphertext[l-AUTH_TAG_LEN : l]
	ciphertext = ciphertext[0 : l-AUTH_TAG_LEN]
	plainBuf := bytes.NewBuffer(dst)

	dctx, err := openssl.NewGCMDecryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
	if err != nil {
		return nil, err
	}
	err = dctx.ExtraData(data)
	if err != nil {
		return nil, err
	}
	part, err := dctx.DecryptUpdate(ciphertext)
	if err != nil {
		return nil, err
	}
	plainBuf.Write(part)
	err = dctx.SetTag(tag)
	if err != nil {
		return nil, err
	}
	part, err = dctx.DecryptFinal()
	if err != nil {
		return nil, err
	}
	plainBuf.Write(part)

	return plainBuf.Bytes(), nil
}
Exemplo n.º 2
0
func BenchmarkOpensslDec4K(b *testing.B) {
	buf := makeOpensslCiphertext()
	b.SetBytes(int64(1024 * 4))

	tag := buf[4096:]
	buf = buf[0:4096]

	var key [cryptfs.KEY_LEN]byte
	var nonce [12]byte

	var plaintext bytes.Buffer
	var part []byte

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		plaintext.Reset()
		dctx, err := openssl.NewGCMDecryptionCipherCtx(cryptfs.KEY_LEN*8, nil, key[:], nonce[:])
		if err != nil {
			b.FailNow()
		}
		part, err = dctx.DecryptUpdate(buf)
		if err != nil {
			b.FailNow()
		}
		plaintext.Write(part)
		err = dctx.SetTag(tag)
		if err != nil {
			b.FailNow()
		}
		part, err = dctx.DecryptFinal()
		if err != nil {
			b.FailNow()
		}
		plaintext.Write(part)
	}
}