stupidgcm

package

v1.4.5 Latest Latest Go to latest Published: Apr 5, 2021 License: AGPL-3.0 Imports: 6 Imported by: 0

Details

Package stupidgcm is a thin wrapper for OpenSSL's GCM encryption and decryption functions. It only support 32-byte keys and 16-bit IVs.

View Source

const (
	// BuiltWithoutOpenssl indicates if openssl been disabled at compile-time
	BuiltWithoutOpenssl = false
)

View Source

var ErrAuth = fmt.Errorf("stupidgcm: message authentication failed")

ErrAuth is returned when the message authentication fails

func New(keyIn []byte, forceDecode bool) cipher.AEAD

New returns a new cipher.AEAD implementation..

func PreferOpenSSL() bool

PreferOpenSSL tells us if OpenSSL is faster than Go GCM on this machine.

Go GCM is only faster if the CPU either:

Is X86_64 && has AES instructions && Go is v1.6 or higher
Is ARM64 && has AES instructions && Go is v1.11 or higher (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)

type StupidGCM struct {
	// contains filtered or unexported fields
}

StupidGCM implements the cipher.AEAD interface

func (g *StupidGCM) NonceSize() int

NonceSize returns the required size of the nonce / IV.

func (g *StupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error)

Open decrypts "in" using "iv" and "authData" and append the result to "dst"

func (g *StupidGCM) Overhead() int

Overhead returns the number of bytes that are added for authentication.

func (g *StupidGCM) Seal(dst, iv, in, authData []byte) []byte

Seal encrypts "in" using "iv" and "authData" and append the result to "dst"

func (g *StupidGCM) Wipe()

Wipe tries to wipe the AES key from memory by overwriting it with zeros and setting the reference to nil.

This is not bulletproof due to possible GC copies, but still raises to bar for extracting the key.