ADHD refact brotli, allocs optimalization, CTR/CBC

.gitignore

@@ -1,4 +1,5 @@
 lint
 .env
 coverage.html
-coverage.txt
+coverage.txt
+*.out

Makefile

@@ -10,6 +10,9 @@ test-v:
 golangci-lint-install:
 	go install github.com/golangci/golangci-lint/cmd/[email protected]
 
+benchmark-compression:
+	go test -benchmem -bench BenchmarkRoundTrip github.com/D3vl0per/crypt/compression -timeout 30m -benchtime=1s -count=6 | tee "compression-$(shell date --iso-8601=seconds).out"
+
 coverage:
 	go test -coverprofile=coverage.out ./...
 	go tool cover -html=coverage.out -o coverage.html

README.md

@@ -20,9 +20,13 @@ This project is a comprehensive toolkit for developers who need to implement var
             - PKCS
 - Symmetric
     - XChacha20-poly1305
-    - XChacha20-poly1305 Stream (modified age code)
+    - XChacha20-poly1305 Stream (utilized age code)
     - XOR
     - AES-GCM
+    - "Insecure"
+        - SecretBox
+        - AES-CTR
+        - AES-CBC
 - Asymmetric
     - ECDSA
         - ed25519
@@ -36,9 +40,9 @@ This project is a comprehensive toolkit for developers who need to implement var
     - SHA3-256
     - SHA3-384
     - SHA3-512
-    - SHAKE-128 (planed)
-    - SHAKE-256 (planed)
-    - go_simhash (planed)
+    - SHAKE-128 (planned)
+    - SHAKE-256 (planned)
+    - go_simhash (planned)
     - Argon2id
     - Scrypt (planed)
     - HKDF (planed)
@@ -47,6 +51,10 @@ This project is a comprehensive toolkit for developers who need to implement var
     - gzip
     - zlib
     - zstd
+    - brotli
+    - huff0X1 (in progress)
+    - huff0X4 (in progress)
+
 - Aged 
     - Age encryption suite
     - Age header obfuscation v1

aged/age_bind.go

@@ -71,20 +71,20 @@ func (k Keychain) Encrypt(p Parameters) ([]byte, error) {
 
 	in, err := compressor(p)
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	out := &bytes.Buffer{}
 	w, err := age.Encrypt(out, k.recipients...)
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	if _, err := io.Copy(w, in); err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 	if err := w.Close(); err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	return obfuscator(p, out.Bytes())
@@ -93,15 +93,15 @@ func (k Keychain) Encrypt(p Parameters) ([]byte, error) {
 func (k Keychain) Decrypt(p Parameters) ([]byte, error) {
 	cipherData, err := deobfuscator(p)
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 	r, err := age.Decrypt(bytes.NewReader(cipherData), k.secretKey)
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 	out := &bytes.Buffer{}
 	if _, err := io.Copy(out, r); err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	return decompressor(p, out.Bytes())
@@ -110,29 +110,29 @@ func (k Keychain) Decrypt(p Parameters) ([]byte, error) {
 func EncryptWithPwd(p Parameters, pwd string) ([]byte, error) {
 	in, err := compressor(p)
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	pwdRecepient, err := age.NewScryptRecipient(pwd)
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	out := &bytes.Buffer{}
 	w, err := age.Encrypt(out, pwdRecepient)
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	if _, err := io.Copy(w, in); err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 	if err := w.Close(); err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	return obfuscator(p, out.Bytes())
@@ -141,22 +141,22 @@ func EncryptWithPwd(p Parameters, pwd string) ([]byte, error) {
 func DecryptWithPwd(p Parameters, pwd string) ([]byte, error) {
 	cipherData, err := deobfuscator(p)
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	pwdIdentity, err := age.NewScryptIdentity(pwd)
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	r, err := age.Decrypt(bytes.NewReader(cipherData), pwdIdentity)
 	if err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	out := &bytes.Buffer{}
 	if _, err := io.Copy(out, r); err != nil {
-		return []byte{}, err
+		return nil, err
 	}
 
 	return decompressor(p, out.Bytes())
@@ -186,7 +186,7 @@ func decompressor(p Parameters, data []byte) ([]byte, error) {
 	if p.Compress {
 		raw, err := p.Compressor.Decompress(data)
 		if err != nil {
-			return []byte{}, err
+			return nil, err
 		}
 		return raw, nil
 	}
@@ -197,7 +197,7 @@ func obfuscator(p Parameters, in []byte) ([]byte, error) {
 	if p.Obfuscation {
 		obf, err := p.Obfuscator.Obfuscate(in)
 		if err != nil {
-			return []byte{}, errors.New("failed to obfuscate header")
+			return nil, errors.New("failed to obfuscate header")
 		}
 		return obf, nil
 	}
@@ -210,7 +210,7 @@ func deobfuscator(p Parameters) ([]byte, error) {
 		var err error
 		cipherData, err = p.Obfuscator.Deobfuscate(p.Data)
 		if err != nil {
-			return []byte{}, errors.New("failed to deobfuscate header, maybe not obfuscated?")
+			return nil, errors.New("failed to deobfuscate header, maybe not obfuscated?")
 		}
 	} else {
 		cipherData = p.Data

aged/age_bind_test.go

@@ -213,6 +213,7 @@ func TestRoundTrips(t *testing.T) {
 				Compress:    true,
 			},
 		},
+
 	}
 
 	for _, tt := range tests {
@@ -236,7 +237,7 @@ func TestRoundTrips(t *testing.T) {
 			r.Equal(t, tt.parameter.Data, decryptedData2, "Decrypted data is equal with the plaintext data by different valid keychain")
 
 			decryptedData3, err4 := config.keychainWrong.Decrypt(decryptParam)
-			r.Equal(t, []byte{}, decryptedData3)
+			r.Nil(t, decryptedData3)
 			r.EqualError(t, err4, "no identity matched any of the recipients")
 
 			pwd, err := generic.CSPRNG(32)

aged/obf.go

@@ -28,10 +28,10 @@ func (a *AgeV1Obf) Obfuscate(payload []byte) ([]byte, error) {
 
 	headerIndex := bytes.Index(payload, endOfHeader)
 	if headerIndex == -1 {
-		return []byte{}, errors.New("missing end flag")
+		return nil, errors.New("missing end flag")
 	}
 	if headerIndex+lengthOfKey > len(payload) {
-		return []byte{}, errors.New("invalid header length")
+		return nil, errors.New("invalid header length")
 	}
 	header := payload[:headerIndex+lengthOfKey]
 	pad := make([]byte, len(header))
@@ -49,14 +49,14 @@ func (a *AgeV1Obf) Obfuscate(payload []byte) ([]byte, error) {
 func (a *AgeV1Obf) Deobfuscate(payload []byte) ([]byte, error) {
 	headerIndex := bytes.Index(payload, endFlag)
 	if headerIndex == -1 {
-		return []byte{}, errors.New("missing end flag")
+		return nil, errors.New("missing end flag")
 	}
 	if headerIndex+len(endFlag) > len(payload) {
-		return []byte{}, errors.New("invalid header")
+		return nil, errors.New("invalid header")
 	}
 	header := payload[:headerIndex+len(endFlag)]
 	if len(header) < len(endFlag) {
-		return []byte{}, errors.New("invalid header length")
+		return nil, errors.New("invalid header length")
 	}
 
 	pad := make([]byte, len(header)-len(endFlag))

asymmetric/attestation_test.go

@@ -24,7 +24,7 @@ func TestMinimalisticAttestation(t *testing.T) {
 		payload    []byte
 	}{
 		{
-			name: "Minimalistic",
+			name: "Minimalistic with known padding",
 			attestator: asymmetric.Minimalistic{
 				Suite: &asymmetric.Ed25519{
 					SecretKey: ecdsa.SecretKey,
@@ -38,7 +38,7 @@ func TestMinimalisticAttestation(t *testing.T) {
 			payload: []byte("Correct Horse Battery Staple"),
 		},
 		{
-			name: "Base64 encoder",
+			name: "Base64 encoder with known separator",
 			attestator: asymmetric.Minimalistic{
 				Suite: &asymmetric.Ed25519{
 					SecretKey: ecdsa.SecretKey,
@@ -55,7 +55,7 @@ func TestMinimalisticAttestation(t *testing.T) {
 			payload: []byte("Correct Horse Battery Staple"),
 		},
 		{
-			name: "Blake2b-512",
+			name: "Blake2b-512 with known padding",
 			attestator: asymmetric.Minimalistic{
 				Suite: &asymmetric.Ed25519{
 					SecretKey: ecdsa.SecretKey,
@@ -70,7 +70,7 @@ func TestMinimalisticAttestation(t *testing.T) {
 			payload: []byte("Correct Horse Battery Staple"),
 		},
 		{
-			name: "Blake2b-512-HMAC",
+			name: "Blake2b-512-HMAC with known padding",
 			attestator: asymmetric.Minimalistic{
 				Suite: &asymmetric.Ed25519{
 					SecretKey: ecdsa.SecretKey,
@@ -114,7 +114,7 @@ func TestFaultMinimalisticAttestation(t *testing.T) {
 	r.NoError(t, err)
 
 	// salt, err := generic.CSPRNG(32)
-	//r.NoError(t, err)
+	// r.NoError(t, err)
 
 	tests := []struct {
 		name                string

asymmetric/ecdsa.go

@@ -3,6 +3,7 @@ package asymmetric
 import (
 	"crypto"
 	"crypto/ed25519"
+	"crypto/rand"
 	"errors"
 	"strconv"
 
@@ -38,7 +39,7 @@ type Ed448 struct {
 
 func (e *Ed25519) Generate() error {
 	var err error
-	e.PublicKey, e.SecretKey, err = ed25519.GenerateKey(generic.Rand())
+	e.PublicKey, e.SecretKey, err = ed25519.GenerateKey(rand.Reader)
 	if err != nil {
 		return err
 	}
@@ -95,7 +96,7 @@ func (e *Ed25519) GetEncoder() generic.Encoder {
 
 func (e *Ed448) Generate() error {
 	var err error
-	e.PublicKey, e.SecretKey, err = ed448.GenerateKey(generic.Rand())
+	e.PublicKey, e.SecretKey, err = ed448.GenerateKey(rand.Reader)
 	if err != nil {
 		return err
 	}

asymmetric/ecdsa_test.go

@@ -24,6 +24,14 @@ func TestGenerateEd25519Keypair(t *testing.T) {
 	t.Log("Ed25519 Public Key Hex:", hex.EncodeToString(asym.PublicKey))
 }
 
+func BenchmarkGenerateEd25519Keypair(b *testing.B) {
+	asym := asymmetric.Ed25519{}
+	for i := 0; i < b.N; i++ {
+		err := asym.Generate()
+		r.NoError(b, err)
+	}
+}
+
 // Deterministic key generation check.
 func TestGenerateEd25519KeypairFromSeed(t *testing.T) {
 	rng, err := generic.CSPRNG(32)
@@ -233,3 +241,22 @@ func TestGenerateEd448KeypairFromSeedWithWrongSeedSize(t *testing.T) {
 	err = asym2.GenerateFromSeed(rng)
 	r.EqualError(t, err, "seed size must be 57 bytes long")
 }
+
+func BenchmarkEcdsa(b *testing.B) {
+	ed25519 := asymmetric.Ed25519{}
+	b.Run("Generate Ed25519", func(b *testing.B) {
+		for i := 0; i < b.N; i++ {
+			err := ed25519.Generate()
+			r.NoError(b, err)
+		}
+	})
+
+	ed448 := asymmetric.Ed448{}
+	b.Run("Generate Ed448", func(b *testing.B) {
+		for i := 0; i < b.N; i++ {
+			err := ed448.Generate()
+			r.NoError(b, err)
+		}
+	})
+}
+