Go high-performance encryption utility.

gohpenc closely resembles the hpenc tool (https://github.com/vstakhov/hpenc).

Why was it written? hpenc has some problems: it does not work on aarch64
and sparc64 architectures under FreeBSD (as seen in the port's Makefile)
and somehow produces incompatible output (unauthenticated after 8192
blocks) between FreeBSD and HardenedBSD systems. Instead of painful
debugging, I decided to write something similar in the Go language,
widening the set of supported platforms.

gohpenc is incompatible with hpenc and much simpler:

* it uses only the ChaCha20-Poly1305 algorithm
* no random data generation mode -- just encrypt /dev/zero. Poly1305
  is still used, but it is fast enough that its cost can be ignored
* no metadata in the output stream and no structure validation. Only blocks
* simpler key derivation -- a new key for each block

But it still satisfies most of hpenc's aims:

* Very simple key management -- a single pre-shared key
* Parallelizable -- each block is encrypted in a different thread, so all
  your CPUs can be utilized
* Very fast -- ChaCha20-Poly1305 is fast even on relatively low-end
  devices like mobile devices. Although gohpenc is written in Go, the
  libraries it depends on contain assembly-optimized code
* Built-in authentication and integrity check with small data overhead

How encryption/authentication is performed:

* The first 32 bytes of the stream contain random data, called the salt
* BLAKE2X is initialized with unknown output length and the PSK as the
  MAC key. This creates an XOF that is used as a KDF
* The salt is fed into that XOF
* All data is processed block by block
* A new key is derived for each block by reading it from the XOF
* The ChaCha20-Poly1305 algorithm is initialized with that key
* A 32-bit big-endian value holding the length of the block is output,
  followed by the encrypted and authenticated block; the authenticated
  data contains that 32-bit length value

       /----------BLOCK-------------\ /----------BLOCK------------\
+------+-----+------------+----------+-----+------------+----------+----
| SALT | LEN | CIPHERTEXT | AUTH TAG | LEN | CIPHERTEXT | AUTH TAG | ...
+------+-----+------------+----------+-----+------------+----------+----
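
The stream layout above, walked frame by frame without the key, as an
added example (not gohpenc's own code). It assumes LEN counts ciphertext
bytes and excludes the 16-byte Poly1305 tag; WalkFrames, Sample and the
maxBlock limit are hypothetical names, and the sample stream is constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

const saltLen, tagLen = 32, 16 // README: 32-byte salt; Poly1305 tag is 16 bytes

// WalkFrames (hypothetical helper) returns the LEN of every frame after the
// salt. Assumption: LEN counts ciphertext bytes and excludes the 16-byte tag.
func WalkFrames(r io.Reader, maxBlock uint32) ([]uint32, error) {
	if _, err := io.CopyN(io.Discard, r, saltLen); err != nil {
		return nil, fmt.Errorf("salt: %w", io.ErrUnexpectedEOF)
	}
	var lens []uint32
	var hdr [4]byte
	for {
		if _, err := io.ReadFull(r, hdr[:]); err == io.EOF {
			return lens, nil // stream ended exactly on a frame boundary
		} else if err != nil {
			return lens, fmt.Errorf("frame %d LEN: %w", len(lens), io.ErrUnexpectedEOF)
		}
		n := binary.BigEndian.Uint32(hdr[:])
		// LEN is used before the tag can be verified, so bound it first.
		if n > maxBlock {
			return lens, fmt.Errorf("frame %d: LEN %d over limit %d", len(lens), n, maxBlock)
		}
		if _, err := io.CopyN(io.Discard, r, int64(n)+tagLen); err != nil {
			return lens, fmt.Errorf("frame %d body: %w", len(lens), io.ErrUnexpectedEOF)
		}
		lens = append(lens, n)
	}
}

// Sample builds a constructed all-zero stream with the given frame sizes.
func Sample(sizes ...uint32) []byte {
	buf := make([]byte, saltLen)
	for _, n := range sizes {
		buf = binary.BigEndian.AppendUint32(buf, n)
		buf = append(buf, make([]byte, int(n)+tagLen)...)
	}
	return buf
}

func main() {
	fmt.Println(WalkFrames(bytes.NewReader(Sample(1024, 1024, 300)), 1<<20))
}
```

A stream cut exactly on a frame boundary is returned without error by this
walker, because the layout shown above has no field that marks the last frame.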

gohpenc preallocates memory for one block for each thread. If you want
to process data with 1 MiB blocks in 4 threads, then you have to have at
least 4 MiB of free memory. Moreover, you have to have at least 1 MiB of
free memory on the decrypting side.

gohpenc is free software: see the file COPYING for copying conditions.