Last active
January 8, 2019 12:01
-
-
Save trusch/7a8566db21173c236e38457b6a5a1782 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"crypto/aes" | |
"crypto/cipher" | |
"crypto/rand" | |
"errors" | |
"io" | |
"log" | |
"testing" | |
"github.com/magiconair/properties/assert" | |
"golang.org/x/crypto/nacl/secretbox" | |
"golang.org/x/crypto/sha3" | |
) | |
var ( | |
msg = "hello world" | |
password = "secret password" | |
) | |
func TestNaCL(t *testing.T) { | |
encrypted, err := encryptNaCL([]byte(msg), password) | |
if err != nil { | |
log.Fatal(err) | |
} | |
decrypted, err := decryptNaCL(encrypted, password) | |
if err != nil { | |
log.Fatal(err) | |
} | |
assert.Equal(t, []byte(msg), decrypted) | |
} | |
func TestAESGCM(t *testing.T) { | |
encrypted, err := encryptAESGCM([]byte(msg), password) | |
if err != nil { | |
log.Fatal(err) | |
} | |
decrypted, err := decryptAESGCM(encrypted, password) | |
if err != nil { | |
log.Fatal(err) | |
} | |
assert.Equal(t, []byte(msg), decrypted) | |
} | |
func BenchmarkNaCL(b *testing.B) { | |
for n := 0; n < b.N; n++ { | |
encrypted, err := encryptNaCL([]byte(msg), password) | |
if err != nil { | |
log.Fatal(err) | |
} | |
_, err = decryptNaCL(encrypted, password) | |
if err != nil { | |
log.Fatal(err) | |
} | |
} | |
} | |
func BenchmarkAESGCM(b *testing.B) { | |
for n := 0; n < b.N; n++ { | |
encrypted, err := encryptAESGCM([]byte(msg), password) | |
if err != nil { | |
log.Fatal(err) | |
} | |
_, err = decryptAESGCM(encrypted, password) | |
if err != nil { | |
log.Fatal(err) | |
} | |
} | |
} | |
func encryptNaCL(msg []byte, password string) ([]byte, error) { | |
secretKey := sha3.Sum256([]byte(password)) | |
var nonce [24]byte | |
if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil { | |
return nil, err | |
} | |
encrypted := secretbox.Seal(nonce[:], msg, &nonce, &secretKey) | |
return encrypted, nil | |
} | |
func decryptNaCL(msg []byte, password string) ([]byte, error) { | |
secretKey := sha3.Sum256([]byte(password)) | |
var nonce [24]byte | |
copy(nonce[:], msg[:24]) | |
decrypted, ok := secretbox.Open(nil, msg[24:], &nonce, &secretKey) | |
if !ok { | |
return nil, errors.New("failed to decrypt") | |
} | |
return decrypted, nil | |
} | |
func encryptAESGCM(msg []byte, password string) ([]byte, error) { | |
secretKey := sha3.Sum256([]byte(password)) | |
block, err := aes.NewCipher(secretKey[:]) | |
if err != nil { | |
return nil, err | |
} | |
nonce := make([]byte, 12) | |
if _, e := io.ReadFull(rand.Reader, nonce); e != nil { | |
return nil, e | |
} | |
aesgcm, err := cipher.NewGCM(block) | |
if err != nil { | |
panic(err.Error()) | |
} | |
return aesgcm.Seal(nonce[:], nonce, msg, nil), nil | |
} | |
func decryptAESGCM(msg []byte, password string) ([]byte, error) { | |
secretKey := sha3.Sum256([]byte(password)) | |
var nonce [12]byte | |
copy(nonce[:], msg[:12]) | |
block, err := aes.NewCipher(secretKey[:]) | |
if err != nil { | |
return nil, err | |
} | |
aesgcm, err := cipher.NewGCM(block) | |
if err != nil { | |
return nil, err | |
} | |
plaintext, err := aesgcm.Open(nil, nonce[:], msg[12:], nil) | |
if err != nil { | |
return nil, err | |
} | |
return plaintext, nil | |
} | |
/** | |
➜ crypto-compare go test -bench=. | |
goos: linux | |
goarch: amd64 | |
pkg: github.com/contiamo/crypto-compare | |
BenchmarkNaCL-8 500000 3661 ns/op | |
BenchmarkAESGCM-8 200000 5249 ns/op | |
PASS | |
ok github.com/contiamo/crypto-compare 2.985s | |
**/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment