
Commit 20a2b960 authored by Adam Langley's avatar Adam Langley

crypto/cipher: add GCM mode.

GCM is Galois Counter Mode, an authenticated encryption mode that is,
nearly always, used with AES.

parent 5e36877d
// Copyright 2013 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package cipher_test
import (
// AES-GCM test vectors taken from gcmEncryptExtIV128.rsp from
var aesGCMTests = []struct {
key, nonce, plaintext, ad, result string
func TestAESGCM(t *testing.T) {
for i, test := range aesGCMTests {
key, _ := hex.DecodeString(test.key)
aes, err := aes.NewCipher(key)
if err != nil {
nonce, _ := hex.DecodeString(test.nonce)
plaintext, _ := hex.DecodeString(test.plaintext)
ad, _ := hex.DecodeString(
aesgcm, err := cipher.NewGCM(aes)
if err != nil {
ct := aesgcm.Seal(nil, nonce, plaintext, ad)
if ctHex := hex.EncodeToString(ct); ctHex != test.result {
t.Errorf("#%d: got %s, want %s", i, ctHex, test.result)
plaintext2, err := aesgcm.Open(nil, nonce, ct, ad)
if err != nil {
t.Errorf("#%d: Open failed", i)
if !bytes.Equal(plaintext, plaintext2) {
t.Errorf("#%d: plaintext's don't match: got %x vs %x", i, plaintext2, plaintext)
if len(ad) > 0 {
ad[0] ^= 0x80
if _, err := aesgcm.Open(nil, nonce, ct, ad); err == nil {
t.Errorf("#%d: Open was successful after altering additional data", i)
ad[0] ^= 0x80
nonce[0] ^= 0x80
if _, err := aesgcm.Open(nil, nonce, ct, ad); err == nil {
t.Errorf("#%d: Open was successful after altering nonce", i)
nonce[0] ^= 0x80
ct[0] ^= 0x80
if _, err := aesgcm.Open(nil, nonce, ct, ad); err == nil {
t.Errorf("#%d: Open was successful after altering ciphertext", i)
ct[0] ^= 0x80
func BenchmarkAESGCM(b *testing.B) {
buf := make([]byte, 1024)
var key [16]byte
var nonce [12]byte
aes, _ := aes.NewCipher(key[:])
aesgcm, _ := cipher.NewGCM(aes)
var out []byte
for i := 0; i < b.N; i++ {
out = aesgcm.Seal(out[:0], nonce[:], buf, nonce[:])
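Review bot: The tamper checks in TestAESGCM flip only the first byte of `ad`, `nonce` and `ct`, so as far as the lines shown here go, nothing exercises Open on input shorter than the tag or with the tag's final byte changed. A short extra case would pin that boundary: `if _, err := aesgcm.Open(nil, nonce, ct[:len(ct)-1], ad); err == nil { t.Errorf("#%d: Open was successful on truncated ciphertext", i) }`. The `hex.DecodeString` results are also taken with `_`, so a malformed vector would surface as a confusing ciphertext mismatch rather than a decode error; checking those errors would be cheap. In BenchmarkAESGCM the same all-zero key and nonce are reused on every Seal, which is fine for timing but deserves a comment such as `// fixed nonce is for benchmarking only; a nonce must never repeat under one key`. The page renders this file with lines elided, so these points should be confirmed against the full file.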
......@@ -82,8 +82,9 @@ var pkgDeps = map[string][]string{
// L3 adds reflection and some basic utility packages
// and interface definitions, but nothing that makes
// system calls.
"crypto": {"L2", "hash"}, // interfaces
"crypto/cipher": {"L2"}, // interfaces
"crypto": {"L2", "hash"}, // interfaces
"crypto/cipher": {"L2", "crypto/subtle"}, // interfaces
"crypto/subtle": {},
"encoding/base32": {"L2"},
"encoding/base64": {"L2"},
"encoding/binary": {"L2", "reflect"},
......@@ -100,6 +101,7 @@ var pkgDeps = map[string][]string{
......@@ -248,15 +250,10 @@ var pkgDeps = map[string][]string{
"net/mail": {"L4", "NET", "OS"},
"net/textproto": {"L4", "OS", "net"},
// Support libraries for crypto that aren't L2.
// Core crypto.
"crypto/aes": {"L3"},
"crypto/des": {"L3"},
"crypto/hmac": {"L3", "CRYPTO-SUPPORT"},
"crypto/hmac": {"L3"},
"crypto/md5": {"L3"},
"crypto/rc4": {"L3"},
"crypto/sha1": {"L3"},
......@@ -264,7 +261,6 @@ var pkgDeps = map[string][]string{
"crypto/sha512": {"L3"},
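Review bot: In the first hunk the `crypto/cipher` entry keeps its trailing `// interfaces` comment although the package now imports `crypto/subtle`, and the new `"crypto/subtle": {},` entry carries no comment at all. The GCM implementation is not shown on this page, so the reason for the dependency is inferred, presumably constant-time comparison of the authentication tag. A short note would keep a later cleanup from dropping it: `"crypto/subtle": {}, // constant-time helpers; no dependencies`. The later hunks are rendered incompletely here, so the removal of `CRYPTO-SUPPORT` from `crypto/hmac` is only partly visible.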