### bsaes - BitSliced AES
#### Yawning Angel (yawning at schwanenlied dot me)

> The AES operations in this package are not implemented using constant-time
> algorithms. An exception is when running on systems with enabled hardware
> support for AES that makes these operations constant-time.
>
> -- https://golang.org/pkg/crypto/aes/

bsaes is a portable pure-Go constant time AES implementation based on the
excellent code from [BearSSL](https://bearssl.org/). On AMD64 systems with
AES-NI and a sufficiently recent Go runtime, it will transparently call
`crypto/aes` when `NewCipher` is invoked.

Features:

 * Constant time.

 * 32 bit and 64 bit variants, with the appropriate one selected at runtime.

 * Provides `crypto/cipher.Block`.

 * `crypto/cipher.ctrAble` support for less-slow CTR-AES mode.

 * `crypto/cipher.cbcDecAble` support for less-slow CBC-AES decryption.

 * `crypto/cipher.gcmAble` support for less-slow GCM-AES. This includes
   a constant time GHASH.

 * The raw guts of the implementations provided as sub-packages, for people
   to use to implement [other things](https://git.schwanenlied.me/yawning/aez).

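To make "bitsliced" and "constant time" concrete, the following added example (not code from bsaes or BearSSL) applies the AES S-box to 64 bytes at once using only AND/XOR on bit-planes, so the instruction sequence and memory accesses do not depend on the data. It assumes a simple algebraic S-box (field inversion by a fixed exponentiation chain, then the affine map) rather than the optimized Boolean circuit a production bitsliced implementation uses; `planes`, `slice`, `mul` and `SubBytes64` are hypothetical names.

```go
package main

import "fmt"

// Added illustration, not bsaes/BearSSL code; all names here are hypothetical.
type planes [8]uint64 // 64 bytes bitsliced: bit k of planes[i] is bit i of byte k

// slice transposes 64 bytes into 8 bit-planes; loop bounds are public.
func slice(in *[64]byte) (p planes) {
	for k, v := range in {
		for i := range p {
			p[i] |= uint64(v>>i&1) << k
		}
	}
	return
}

// mul multiplies 64 pairs of GF(2^8) elements (mod x^8+x^4+x^3+x+1), AND/XOR only.
func mul(a, b planes) (r planes) {
	for i := 0; i < 8; i++ {
		for j := range r {
			r[j] ^= a[j] & b[i] // add a in the lanes where bit i of b is set
		}
		a = planes{a[7], a[0] ^ a[7], a[1], a[2] ^ a[7], a[3] ^ a[7], a[4], a[5], a[6]} // a *= x
	}
	return
}

// SubBytes64 applies the AES S-box to 64 bytes: field inversion, then the affine map.
func SubBytes64(in *[64]byte) (out [64]byte) {
	a := slice(in)
	x := a
	for i := 0; i < 6; i++ { // fixed chain up to a^127; the exponent is public
		x = mul(mul(x, x), a)
	}
	x = mul(x, x) // a^254 = a^-1, with 0 mapping to 0
	for i := range x {
		s := x[i] ^ x[(i+4)%8] ^ x[(i+5)%8] ^ x[(i+6)%8] ^ x[(i+7)%8]
		s ^= -(uint64(0x63) >> i & 1) // affine constant 0x63 as an all-lanes mask
		for k := range out {          // transpose plane i back into bytes
			out[k] |= byte(s>>k&1) << i
		}
	}
	return
}

func main() {
	out := SubBytes64(&[64]byte{0x00, 0x01, 0x53, 0xff}) // constructed sample input
	fmt.Printf("% x\n", out[:4])                         // 63 7c ed 16
}
```

A table-based S-box would instead index a 256-byte array with a secret byte, which is the cache-timing exposure the `crypto/aes` note quoted above refers to.
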
Benchmarks:

| Primitive                   | Version | ns/op  | MB/s   |
| --------------------------- | :-----: | -----: | -----: |
| ECB-AES128                  | ct32    | 914    | 17.50  |
| ECB-AES256                  | ct32    | 1268   | 12.62  |
| CTR-AES128 (16 KiB)         | ct32    | 472010 | 34.17  |
| CBC-AES128 Decrypt (16 KiB) | ct32    | 583238 | 28.09  |
| GCM-AES128 (16 KiB)         | ct32    | 605676 | 27.05  |
| ECB-AES128                  | ct64    | 932    | 17.16  |
| ECB-AES256                  | ct64    | 1258   | 12.72  |
| CTR-AES128 (16 KiB)         | ct64    | 296016 | 55.35  |
| CBC-AES128 Decrypt (16 KiB) | ct64    | 350047 | 46.81  |
| GCM-AES128 (16 KiB)         | ct64    | 435660 | 37.61  |

All numbers taken on an Intel i7-5600U with Turbo Boost disabled, running on
linux/amd64.