Go high-performance encryption utility. gohpenc highly resembles hpenc tool (https://github.com/vstakhov/hpenc). Why it was written? hpenc has some problems: it does not work on aarch64 and sparc64 architectures under FreeBSD (as seen in the port's Makefile) and produces incompatible output (unauthenticated after 8192 blocks) between FreeBSD and HardenedBSD systems somehow. Instead of painful debugging I decided to write something similar on the Go language, widening supported platforms. gohpenc is incompatible with hpenc and much simpler: * it uses only ChaCha20-Poly1305 algorithm * no random data generation mode -- just encrypt /dev/zero. Poly1305 still be used, but it is fast enough to close eyes on it * no metadata in output stream and no structure validation. Only blocks authentication * simpler key derivation -- new key for each block But it still satisfies most of hpenc aims: * Very simple key management -- single pre-shared key * Parallelizeable -- each block is encrypted in different thread, so all your CPUs could be utilized * Very fast -- ChaCha20-Poly1305 is fast even on relatively low-end devices like mobile devices. Despite gohpenc is written on Go, its dependent libraries contain assembly-optimized code * Built-in authentication and integrity check with small data overhead How encryption/authentication is performed: * First 32 bytes of the stream contains random data, called salt * BLAKE2X is initialized: unknown length, PSK key as a MAC key. It creates XOF that will be used as a KDF * Salt is fed into that XOF * All data is processed block by block * New key is derived for each block by reading it from the XOF * ChaCha20-Poly1305 algorithm is initialized with that key * 32-bit big-endian value with the length of the block is outputted, then an encrypted and authenticated block goes further, with authenticated data containing that 32-bit length value /----------BLOCK-------------\ /----------BLOCK------------\ +------+-----+------------+----------+-----+------------+----------+---- | SALT | LEN | CIPHERTEXT | AUTH TAG | LEN | CIPHERTEXT | AUTH TAG | ... +------+-----+------------+----------+-----+------------+----------+---- gohpenc preallocates memory for one block for each thread. If you want to process data with 1 MiB blocks in 4 threads, then you have to have at least 4 MiBs of free memory. Moreover you have at least 1 MiB of free memory on the decrypting side. gohpenc is free software: see the file COPYING for copying conditions.