Portable constant time Go AES.

Yawning Angel 0e79956df1 Rebenchmark, add GCM numbers. 1 month ago
ct32 b312789672 Clean ups. 1 month ago
ct64 b312789672 Clean ups. 1 month ago
ghash 9fd815f19c Add a constant time GHASH(). #6 1 month ago
internal 14cd724026 Style cleanups. 1 month ago
.gitignore c94273c376 Initial import. 1 month ago
LICENSE.txt c4ffda5e0b Reordered the copyrights in the license. No functional changes. 1 month ago
README.md 0e79956df1 Rebenchmark, add GCM numbers. 1 month ago
aes.go c7748ab76a Move the finalizer setup code to `bsaes/NewCipher`. 1 month ago
aes_test.go 68ce54e4aa Add a GCM-AES128 benchmark, fix the ECB256 benchmark. 1 month ago


bsaes - BitSliced AES

Yawning Angel (yawning at schwanenlied dot me)

The AES operations in this package are not implemented using constant-time algorithms. An exception is when running on systems with enabled hardware support for AES that makes these operations constant-time.

-- https://golang.org/pkg/crypto/aes/

bsaes is a portable pure-Go constant time AES implementation based on the excellent code from BearSSL. It does not use any special hardware instructions even if present (and never will), use crypto/aes on such platforms.


  • Constant time.

  • 32 bit and 64 bit variants, with the appropriate one selected at runtime.

  • Provides crypto/cipher.Block.

  • crypto/cipher.ctrAble support for less-slow CTR-AES mode.

  • crypto/cipher.cbcDecAble support for less-slow CBC-AES decryption.

  • crypto/cipher.gcmAble support for less-slow GCM-AES. This includes a constant time GHASH.

  • The raw guts of the implementations provided as sub-packages, for people to use to implement other things.


Primitive Version ns/op MB/s
ECB-AES128 ct32 914 17.50
ECB-AES256 ct32 1268 12.62
CTR-AES128 (16 KiB) ct32 472010 34.17
CBC-AES128 Decrypt (16 KiB) ct32 583238 28.09
GCM-AES128 (16 KiB) ct32 605676 27.05
ECB-AES128 ct64 932 17.16
ECB-AES256 ct64 1258 12.72
CTR-AES128 (16 KiB) ct64 296016 55.35
CBC-AES128 Decrypt (16 KiB) ct64 350047 46.81
GCM-AES128 (16 KiB) ct64 435660 37.61

All numbers taken on an Intel i7-5600U with Turbo Boost disabled, running on linux/amd64.