diff --git a/internal/siv_aead/siv_aead.go b/internal/siv_aead/siv_aead.go index 482efd9..dc37c8a 100644 --- a/internal/siv_aead/siv_aead.go +++ b/internal/siv_aead/siv_aead.go @@ -6,7 +6,7 @@ import ( "crypto/cipher" "log" - "github.com/jacobsa/crypto/siv" + "github.com/aperturerobotics/jacobsa-crypto/siv" ) type sivAead struct { @@ -63,7 +63,7 @@ func (s *sivAead) Seal(dst, nonce, plaintext, authData []byte) []byte { if len(s.key) == 0 { log.Panic("Key has been wiped?") } - // https://github.com/jacobsa/crypto/blob/master/siv/encrypt.go#L48: + // https://github.com/aperturerobotics/jacobsa-crypto/blob/master/siv/encrypt.go#L48: // As per RFC 5297 section 3, you may use this function for nonce-based // authenticated encryption by passing a nonce as the last associated // data element. diff --git a/internal/stupidgcm/doc.go b/internal/stupidgcm/doc.go index 36c189b..dce82ae 100644 --- a/internal/stupidgcm/doc.go +++ b/internal/stupidgcm/doc.go @@ -16,13 +16,13 @@ // However, OpenSSL has optimized assembly for almost all platforms, which Go // does not. Example for a 32-bit ARM device (Odroid XU4): // -// $ gocrypts -speed -// gocryptfs v2.1-68-gedf9d4c.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-04 go1.16.7 linux/arm -// AES-GCM-256-OpenSSL 56.84 MB/s (selected in auto mode) -// AES-GCM-256-Go 16.61 MB/s -// AES-SIV-512-Go 16.49 MB/s -// XChaCha20-Poly1305-Go 39.08 MB/s (use via -xchacha flag) -// XChaCha20-Poly1305-OpenSSL 141.82 MB/s +// $ gocrypts -speed +// gocryptfs v2.1-68-gedf9d4c.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-04 go1.16.7 linux/arm +// AES-GCM-256-OpenSSL 56.84 MB/s (selected in auto mode) +// AES-GCM-256-Go 16.61 MB/s +// AES-SIV-512-Go 16.49 MB/s +// XChaCha20-Poly1305-Go 39.08 MB/s (use via -xchacha flag) +// XChaCha20-Poly1305-OpenSSL 141.82 MB/s // // This package is "stupid" in the sense that it only supports a narrow set of // key- and iv-lengths, and panics if it does not like what you pass it. @@ -33,7 +33,7 @@ // Corrupt ciphertexts never cause a panic. Instead, ErrAuth is returned on // decryption. // -// XChaCha20-Poly1305 +// # XChaCha20-Poly1305 // // The XChaCha20-Poly1305 implementation is more complicated than the others, // because OpenSSL does not support XChaCha20-Poly1305 directly. Follow @@ -43,16 +43,16 @@ // Fortunately, XChaCha20-Poly1305 is just ChaCha20-Poly1305 with some key+iv // mixing using HChaCha20 in front: // -// key (32 bytes), iv (24 bytes) -// | -// v -// HChaCha20 (provided by golang.org/x/crypto/chacha20) -// | -// v -// key2 (32 bytes), iv2 (16 bytes) -// | -// v -// ChaCha20-Poly1305 (OpenSSL EVP_chacha20_poly1305) +// key (32 bytes), iv (24 bytes) +// | +// v +// HChaCha20 (provided by golang.org/x/crypto/chacha20) +// | +// v +// key2 (32 bytes), iv2 (16 bytes) +// | +// v +// ChaCha20-Poly1305 (OpenSSL EVP_chacha20_poly1305) // // As HChaCha20 is very fast, XChaCha20-Poly1305 gets almost the same throughput // as ChaCha20-Poly1305 (for 4kiB blocks). diff --git a/internal/stupidgcm/prefer.go b/internal/stupidgcm/prefer.go index fe8c613..e3f52d4 100644 --- a/internal/stupidgcm/prefer.go +++ b/internal/stupidgcm/prefer.go @@ -11,9 +11,9 @@ import ( // // Go GCM is only faster if the CPU either: // -// 1) Is X86_64 && has AES instructions && Go is v1.6 or higher -// 2) Is ARM64 && has AES instructions && Go is v1.11 or higher -// (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda) +// 1. Is X86_64 && has AES instructions && Go is v1.6 or higher +// 2. Is ARM64 && has AES instructions && Go is v1.11 or higher +// (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda) // // See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks // for benchmarks.