> The AES operations in this package are not implemented using constant-time algorithms. An exception is when running on systems with enabled hardware support for AES that makes these operations constant-time.
>
> -- Go `crypto/aes` package documentation

bsaes is a portable pure-Go constant time AES implementation based on the
excellent code from BearSSL. On AMD64 systems with
AES-NI and a sufficiently recent Go runtime, it will transparently call
`crypto/aes` when `NewCipher` is invoked.

 * 32 bit and 64 bit variants, with the appropriate one selected at runtime.
 * `crypto/cipher.ctrAble` support for less-slow CTR-AES mode.
 * `crypto/cipher.cbcDecAble` support for less-slow CBC-AES decryption.
 * `crypto/cipher.gcmAble` support for less-slow GCM-AES. This includes a constant time GHASH.
 * The raw guts of the implementations provided as sub-packages, for people to use to implement other things.
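
The constant time GHASH mentioned above, sketched as an added example (not code from bsaes or BearSSL): a GF(2^128) multiply that selects with masks instead of branches or table lookups, used to recompute a GCM tag over any `crypto/cipher.Block`. The mask-based shift-and-xor loop is a simple stand-in, not the algorithm bsaes uses; `fe`, `load`, `gfMul`, `ghash` and `gcmTag` are hypothetical names, `crypto/aes` stands in for the block cipher, and the key and nonce are constructed.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// fe is a GF(2^128) element in GCM bit order (hi = bytes 0-7). Names are illustrative.
type fe struct{ hi, lo uint64 }
func load(b []byte) fe { return fe{binary.BigEndian.Uint64(b), binary.BigEndian.Uint64(b[8:])} }
func (a fe) xor(b fe) fe { return fe{a.hi ^ b.hi, a.lo ^ b.lo} }

// gfMul computes x*y with masks only: no branch or table index depends on the data.
func gfMul(x, y fe) (z fe) {
	for i := 0; i < 128; i++ {
		m := -(x.hi >> 63) // all-ones when the current (leftmost) bit of x is set
		z.hi, z.lo = z.hi^(y.hi&m), z.lo^(y.lo&m)
		x.hi, x.lo = x.hi<<1|x.lo>>63, x.lo<<1
		r := -(y.lo & 1) // all-ones when the shift drops a set bit, so reduce
		y.hi, y.lo = y.hi>>1^(0xe100000000000000&r), y.lo>>1|y.hi<<63
	}
	return z
}

// ghash absorbs zero-padded AAD and ciphertext blocks, then their bit lengths.
func ghash(h fe, aad, ct []byte) (y fe) {
	for _, data := range [][]byte{aad, ct} {
		for len(data) > 0 {
			var b [16]byte
			data = data[copy(b[:], data):]
			y = gfMul(y.xor(load(b[:])), h)
		}
	}
	return gfMul(fe{y.hi ^ uint64(len(aad))*8, y.lo ^ uint64(len(ct))*8}, h)
}

// gcmTag recomputes the GCM tag for a 96-bit nonce: GHASH_H(aad, ct) XOR E_K(J0).
func gcmTag(blk cipher.Block, nonce [12]byte, aad, ct []byte) fe {
	enc := func(b [16]byte) fe { blk.Encrypt(b[:], b[:]); return load(b[:]) }
	j0 := [16]byte{15: 1} // J0 = nonce || 0x00000001
	copy(j0[:], nonce[:])
	return ghash(enc([16]byte{}), aad, ct).xor(enc(j0)) // H = E_K(0^128)
}

func main() {
	blk, _ := aes.NewCipher(make([]byte, 16)) // constructed all-zero demo key
	fmt.Printf("%+v\n", gcmTag(blk, [12]byte{}, nil, nil))
}
```

The tag is only as constant-time as the `cipher.Block` passed in, since `H` and the tag mask both come from block encryptions under the key.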

| Primitive | Variant | ns/op | MB/s |
| --- | --- | --- | --- |
| CTR-AES128 (16 KiB) | ct32 | 472010 | 34.17 |
| CBC-AES128 Decrypt (16 KiB) | ct32 | 583238 | 28.09 |
| GCM-AES128 (16 KiB) | ct32 | 605676 | 27.05 |
| CTR-AES128 (16 KiB) | ct64 | 296016 | 55.35 |
| CBC-AES128 Decrypt (16 KiB) | ct64 | 350047 | 46.81 |
| GCM-AES128 (16 KiB) | ct64 | 435660 | 37.61 |

All numbers taken on an Intel i7-5600U with Turbo Boost disabled, running on linux/amd64.