trusch/NaCL-vs-AESGCM.go

## NaCL-vs-AESGCM.go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
	"log"
	"testing"

	"github.com/magiconair/properties/assert"
	"golang.org/x/crypto/nacl/secretbox"
	"golang.org/x/crypto/sha3"
)

var (
	msg      = "hello world"
	password = "secret password"
)

func TestNaCL(t *testing.T) {
	encrypted, err := encryptNaCL([]byte(msg), password)
	if err != nil {
		log.Fatal(err)
	}
	decrypted, err := decryptNaCL(encrypted, password)
	if err != nil {
		log.Fatal(err)
	}
	assert.Equal(t, []byte(msg), decrypted)
}

func TestAESGCM(t *testing.T) {
	encrypted, err := encryptAESGCM([]byte(msg), password)
	if err != nil {
		log.Fatal(err)
	}
	decrypted, err := decryptAESGCM(encrypted, password)
	if err != nil {
		log.Fatal(err)
	}
	assert.Equal(t, []byte(msg), decrypted)
}

func BenchmarkNaCL(b *testing.B) {
	for n := 0; n < b.N; n++ {
		encrypted, err := encryptNaCL([]byte(msg), password)
		if err != nil {
			log.Fatal(err)
		}
		_, err = decryptNaCL(encrypted, password)
		if err != nil {
			log.Fatal(err)
		}
	}
}

func BenchmarkAESGCM(b *testing.B) {
	for n := 0; n < b.N; n++ {
		encrypted, err := encryptAESGCM([]byte(msg), password)
		if err != nil {
			log.Fatal(err)
		}
		_, err = decryptAESGCM(encrypted, password)
		if err != nil {
			log.Fatal(err)
		}
	}
}

func encryptNaCL(msg []byte, password string) ([]byte, error) {
	secretKey := sha3.Sum256([]byte(password))
	var nonce [24]byte
	if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
		return nil, err
	}
	encrypted := secretbox.Seal(nonce[:], msg, &nonce, &secretKey)
	return encrypted, nil
}

func decryptNaCL(msg []byte, password string) ([]byte, error) {
	secretKey := sha3.Sum256([]byte(password))
	var nonce [24]byte
	copy(nonce[:], msg[:24])
	decrypted, ok := secretbox.Open(nil, msg[24:], &nonce, &secretKey)
	if !ok {
		return nil, errors.New("failed to decrypt")
	}
	return decrypted, nil
}

func encryptAESGCM(msg []byte, password string) ([]byte, error) {
	secretKey := sha3.Sum256([]byte(password))
	block, err := aes.NewCipher(secretKey[:])
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, 12)
	if _, e := io.ReadFull(rand.Reader, nonce); e != nil {
		return nil, e
	}
	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err.Error())
	}
	return aesgcm.Seal(nonce[:], nonce, msg, nil), nil
}

func decryptAESGCM(msg []byte, password string) ([]byte, error) {
	secretKey := sha3.Sum256([]byte(password))
	var nonce [12]byte
	copy(nonce[:], msg[:12])
	block, err := aes.NewCipher(secretKey[:])
	if err != nil {
		return nil, err
	}
	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := aesgcm.Open(nil, nonce[:], msg[12:], nil)
	if err != nil {
		return nil, err
	}
	return plaintext, nil
}

/**
➜  crypto-compare go test -bench=.
goos: linux
goarch: amd64
pkg: github.com/contiamo/crypto-compare
BenchmarkNaCL-8     	  500000	      3661 ns/op
BenchmarkAESGCM-8   	  200000	      5249 ns/op
PASS
ok  	github.com/contiamo/crypto-compare	2.985s
**/
	package main

	import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
	"log"
	"testing"

	"github.com/magiconair/properties/assert"
	"golang.org/x/crypto/nacl/secretbox"
	"golang.org/x/crypto/sha3"
	)

	var (
	msg = "hello world"
	password = "secret password"
	)

	func TestNaCL(t *testing.T) {
	encrypted, err := encryptNaCL([]byte(msg), password)
	if err != nil {
	log.Fatal(err)
	}
	decrypted, err := decryptNaCL(encrypted, password)
	if err != nil {
	log.Fatal(err)
	}
	assert.Equal(t, []byte(msg), decrypted)
	}

	func TestAESGCM(t *testing.T) {
	encrypted, err := encryptAESGCM([]byte(msg), password)
	if err != nil {
	log.Fatal(err)
	}
	decrypted, err := decryptAESGCM(encrypted, password)
	if err != nil {
	log.Fatal(err)
	}
	assert.Equal(t, []byte(msg), decrypted)
	}

	func BenchmarkNaCL(b *testing.B) {
	for n := 0; n < b.N; n++ {
	encrypted, err := encryptNaCL([]byte(msg), password)
	if err != nil {
	log.Fatal(err)
	}
	_, err = decryptNaCL(encrypted, password)
	if err != nil {
	log.Fatal(err)
	}
	}
	}

	func BenchmarkAESGCM(b *testing.B) {
	for n := 0; n < b.N; n++ {
	encrypted, err := encryptAESGCM([]byte(msg), password)
	if err != nil {
	log.Fatal(err)
	}
	_, err = decryptAESGCM(encrypted, password)
	if err != nil {
	log.Fatal(err)
	}
	}
	}

	func encryptNaCL(msg []byte, password string) ([]byte, error) {
	secretKey := sha3.Sum256([]byte(password))
	var nonce [24]byte
	if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
	return nil, err
	}
	encrypted := secretbox.Seal(nonce[:], msg, &nonce, &secretKey)
	return encrypted, nil
	}

	func decryptNaCL(msg []byte, password string) ([]byte, error) {
	secretKey := sha3.Sum256([]byte(password))
	var nonce [24]byte
	copy(nonce[:], msg[:24])
	decrypted, ok := secretbox.Open(nil, msg[24:], &nonce, &secretKey)
	if !ok {
	return nil, errors.New("failed to decrypt")
	}
	return decrypted, nil
	}

	func encryptAESGCM(msg []byte, password string) ([]byte, error) {
	secretKey := sha3.Sum256([]byte(password))
	block, err := aes.NewCipher(secretKey[:])
	if err != nil {
	return nil, err
	}
	nonce := make([]byte, 12)
	if _, e := io.ReadFull(rand.Reader, nonce); e != nil {
	return nil, e
	}
	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
	panic(err.Error())
	}
	return aesgcm.Seal(nonce[:], nonce, msg, nil), nil
	}

	func decryptAESGCM(msg []byte, password string) ([]byte, error) {
	secretKey := sha3.Sum256([]byte(password))
	var nonce [12]byte
	copy(nonce[:], msg[:12])
	block, err := aes.NewCipher(secretKey[:])
	if err != nil {
	return nil, err
	}
	aesgcm, err := cipher.NewGCM(block)
	if err != nil {
	return nil, err
	}
	plaintext, err := aesgcm.Open(nil, nonce[:], msg[12:], nil)
	if err != nil {
	return nil, err
	}
	return plaintext, nil
	}

	/**
	➜ crypto-compare go test -bench=.
	goos: linux
	goarch: amd64
	pkg: github.com/contiamo/crypto-compare
	BenchmarkNaCL-8 500000 3661 ns/op
	BenchmarkAESGCM-8 200000 5249 ns/op
	PASS
	ok github.com/contiamo/crypto-compare 2.985s
	**/