| author | Frank Denis | 2025-03-12 00:54:35 +0100 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2025-03-12 20:43:23 +0100 | 
| commit | d5d26d75247d4fcc269cd0494cb85c7e62618c89 (patch) | |
| tree | 5b1409763bf2b03fdbf859e3169732157e704615 | |
| parent | e3e76e275d8edf294a4a64897f44a5ef0b70bfeb (diff) | |
Move aegis out of stupidgcm
| -rw-r--r-- | internal/cryptocore/cryptocore.go | 8 | ||||
| -rw-r--r-- | internal/speed/speed.go | 6 | ||||
| -rw-r--r-- | internal/stupidgcm/aegis.go | 57 | ||||
| -rw-r--r-- | internal/stupidgcm/common_test.go | 2 | ||||
| -rw-r--r-- | tests/matrix/matrix_test.go | 3 | 
5 files changed, 13 insertions, 63 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index ad5d719..e2991d7 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -12,6 +12,7 @@ import (
 	"golang.org/x/crypto/chacha20poly1305"
 	"github.com/aegis-aead/go-libaegis/aegis256x2"
+	"github.com/aegis-aead/go-libaegis/common"
 	"github.com/rfjakob/eme"
 	"github.com/rfjakob/gocryptfs/v2/internal/siv_aead"
@@ -187,7 +188,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool) *CryptoC
 			log.Panic(err)
 		}
 	} else if aeadType == BackendAegis {
-		if stupidgcm.BuiltWithoutAegis {
+		if common.Available == false {
 			log.Panic("AEGIS is not available")
 		}
 		if IVBitLen != aegis256x2.NonceSize*8 {
@@ -197,7 +198,10 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool) *CryptoC
 			log.Panic("XChaCha20-Poly1305 must use HKDF, but it is disabled")
 		}
 		aegisKey := hkdfDerive(key, hkdfInfoGCMContent, KeyLen)
-		aeadCipher = stupidgcm.NewAegis(aegisKey)
+		aeadCipher, err = aegis256x2.New(aegisKey, AuthTagLen)
+		if err != nil {
+			log.Panic(err)
+		}
 		for i := range aegisKey {
 			aegisKey[i] = 0
 		}
diff --git a/internal/speed/speed.go b/internal/speed/speed.go
index c54f487..ef58aeb 100644
--- a/internal/speed/speed.go
+++ b/internal/speed/speed.go
@@ -14,6 +14,7 @@ import (
 	"golang.org/x/crypto/chacha20poly1305"
+	"github.com/aegis-aead/go-libaegis/aegis256x2"
 	"github.com/aegis-aead/go-libaegis/common"
 	"github.com/rfjakob/gocryptfs/v2/internal/cryptocore"
 	"github.com/rfjakob/gocryptfs/v2/internal/siv_aead"
@@ -176,6 +177,9 @@ func bAegis(b *testing.B) {
 	if common.Available {
 		b.Skip("aegis is not available")
 	}
-	c := stupidgcm.NewAegis(randBytes(32))
+	c, err := aegis256x2.New(randBytes(aegis256x2.KeySize), cryptocore.AuthTagLen)
+	if err != nil {
+		b.Fatal(err)
+	}
 	bEncrypt(b, c)
 }
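Review bot: The new availability check in the BackendAegis branch of New is written as `if common.Available == false {`, which is the non-idiomatic form of a boolean test and is flagged by gofmt -s style linters; write it as `if !common.Available {`. Spelling it the same way at every call site also makes polarity mistakes easier to spot, since this commit replaces a negated constant (`BuiltWithoutAegis`) with a positive one in several files. New's body starts and ends outside this hunk.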
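Review bot: The replacement line `aeadCipher, err = aegis256x2.New(aegisKey, AuthTagLen)` is not a pure relocation: the deleted wrapper built its cipher with `aegis128x2.New(key, AegisTagLen)` and a tag length of 16, so the AEGIS variant, and possibly the tag length, used for file content changes under a commit titled as a move. Anything encrypted through the old path would presumably no longer open, so the commit message should say so, or state that the old path was never usable with a `KeyLen`-sized key. The wrapper's `Wipe()` also disappears, so whatever code clears the CryptoCore's AEAD state (outside this hunk) needs a case for the aegis256x2 type, otherwise key material may stay in memory after a wipe. Separately, the context line `log.Panic("XChaCha20-Poly1305 must use HKDF, but it is disabled")` names the wrong cipher for this branch and should read `log.Panic("AEGIS must use HKDF, but it is disabled")`.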
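Review bot: The guard at the top of bAegis is inverted: `if common.Available {` followed by `b.Skip("aegis is not available")` skips the benchmark exactly when AEGIS is available. On a build without AEGIS it falls through to `aegis256x2.New`, where the newly added `b.Fatal(err)` presumably turns the missing backend into a benchmark failure instead of a skip. The guard is a context line rather than an added one, but this commit changes what runs after it, so it should be corrected here to `if !common.Available {`.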
diff --git a/internal/stupidgcm/aegis.go b/internal/stupidgcm/aegis.go
deleted file mode 100644
index 8975055..0000000
--- a/internal/stupidgcm/aegis.go
+++ /dev/null
@@ -1,57 +0,0 @@
-//go:build !without_aegis && cgo
-// +build !without_aegis,cgo
-
-package stupidgcm
-
-import (
-	"crypto/cipher"
-	"log"
-
-	"github.com/aegis-aead/go-libaegis/aegis128x2"
-	"github.com/aegis-aead/go-libaegis/common"
-)
-
-const (
-	// BuiltWithoutAegis indicates if aegis been disabled at compile-time
-	BuiltWithoutAegis = !common.Available
-
-	// Aegis supports 16 and 32 bit tags
-	AegisTagLen = 16
-)
-
-type stupidAegis struct {
-	aead cipher.AEAD
-}
-
-// Verify that we satisfy the cipher.AEAD interface
-var _ cipher.AEAD = &stupidAegis{}
-
-func (*stupidAegis) NonceSize() int {
-	return aegis128x2.NonceSize
-}
-
-func (*stupidAegis) Overhead() int {
-	return AegisTagLen
-}
-
-func NewAegis(key []byte) cipher.AEAD {
-	aead, err := aegis128x2.New(key, AegisTagLen)
-	if err != nil {
-		log.Panic(err)
-	}
-	return &stupidAegis{
-		aead: aead,
-	}
-}
-
-func (x *stupidAegis) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
-	return x.aead.Seal(dst, nonce, plaintext, additionalData)
-}
-
-func (x *stupidAegis) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
-	return x.aead.Open(dst, nonce, ciphertext, additionalData)
-}
-
-func (x *stupidAegis) Wipe() {
-	x.aead.(*aegis128x2.Aegis128X2).Wipe()
-}
diff --git a/internal/stupidgcm/common_test.go b/internal/stupidgcm/common_test.go
index 47fee7c..7f38e90 100644
--- a/internal/stupidgcm/common_test.go
+++ b/internal/stupidgcm/common_test.go
@@ -246,8 +246,6 @@ func testWipe(t *testing.T, c cipher.AEAD) {
 				t.Fatal("c2.key is not zeroed")
 			}
 		}
-	case *stupidAegis:
-		c2.Wipe() // AEGIS has its own Wipe method
 	default:
 		t.Fatalf("BUG: unhandled type %T", c2)
 	}
diff --git a/tests/matrix/matrix_test.go b/tests/matrix/matrix_test.go
index 625a423..0476764 100644
--- a/tests/matrix/matrix_test.go
+++ b/tests/matrix/matrix_test.go
@@ -24,6 +24,7 @@ import (
 	"golang.org/x/sys/unix"
+	"github.com/aegis-aead/go-libaegis/common"
 	"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
 	"github.com/rfjakob/gocryptfs/v2/tests/test_helpers"
 )
@@ -79,7 +80,7 @@ var matrixAegisAdditions = []testcaseMatrix{
 // This is the entry point for the tests
 func TestMain(m *testing.M) {
-	if !stupidgcm.BuiltWithoutAegis {
+	if !common.Available {
 		matrix = append(matrix, matrixAegisAdditions...)
 	}
|
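Review bot: The rewritten condition in TestMain flips the meaning of the check. The deleted file defined `BuiltWithoutAegis = !common.Available`, so the old `!stupidgcm.BuiltWithoutAegis` meant "AEGIS is available", while the new `if !common.Available {` appends matrixAegisAdditions only when AEGIS is missing. On a normal build the AEGIS cases of the matrix silently stop running, which removes test coverage for that backend, and on a build without AEGIS they are scheduled and will presumably fail. The line should be `if common.Available {`. TestMain's body continues past the end of the hunk.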
