diff options
| author | Jakob Unterwurzacher | 2016-09-25 18:04:44 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2016-09-25 18:40:29 +0200 |
| commit | abd61d968d80a54b366bf65b9dc1fcf2c5bfa1e1 (patch) | |
| tree | 80349d34e49c17051e41f7ab3585777ab0b625fa | |
| parent | b883dd10a62eb8d7ddf589e2878d8e0f65a90e83 (diff) | |
contentenc: rename constant "IVBitLen" to "DefaultIVBits" and clarify comment
128-bit IVs are NOT used everywhere.
| -rw-r--r-- | gocryptfs-xray/xray_main.go | 2 | ||||
| -rw-r--r-- | internal/contentenc/content.go | 5 | ||||
| -rw-r--r-- | internal/contentenc/content_test.go | 6 | ||||
| -rw-r--r-- | internal/fusefrontend/fs.go | 2 | ||||
| -rw-r--r-- | internal/fusefrontend_reverse/rfs.go | 2 |
5 files changed, 9 insertions, 8 deletions
diff --git a/gocryptfs-xray/xray_main.go b/gocryptfs-xray/xray_main.go index 81e4c10..8ebed8e 100644 --- a/gocryptfs-xray/xray_main.go +++ b/gocryptfs-xray/xray_main.go @@ -12,7 +12,7 @@ import ( ) const ( - IVLen = contentenc.IVBitLen / 8 + IVLen = contentenc.DefaultIVBits / 8 blockSize = contentenc.DefaultBS + IVLen + cryptocore.AuthTagLen ) diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 5a628c8..7561859 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -16,8 +16,9 @@ type NonceMode int const ( // Default plaintext block size DefaultBS = 4096 - // We always use 128-bit IVs for file content encryption - IVBitLen = 128 + // We always use 128-bit IVs for file content, but the + // key in the config file is encrypted with a 96-bit IV. + DefaultIVBits = 128 _ = iota // skip zero RandomNonce NonceMode = iota diff --git a/internal/contentenc/content_test.go b/internal/contentenc/content_test.go index faa2780..70b71fe 100644 --- a/internal/contentenc/content_test.go +++ b/internal/contentenc/content_test.go @@ -23,7 +23,7 @@ func TestSplitRange(t *testing.T) { testRange{6654, 8945}) key := make([]byte, cryptocore.KeyLen) - cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen) + cc := cryptocore.New(key, cryptocore.BackendOpenSSL, DefaultIVBits) f := New(cc, DefaultBS) for _, r := range ranges { @@ -51,7 +51,7 @@ func TestCiphertextRange(t *testing.T) { testRange{6654, 8945}) key := make([]byte, cryptocore.KeyLen) - cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen) + cc := cryptocore.New(key, cryptocore.BackendOpenSSL, DefaultIVBits) f := New(cc, DefaultBS) for _, r := range ranges { @@ -74,7 +74,7 @@ func TestCiphertextRange(t *testing.T) { func TestBlockNo(t *testing.T) { key := make([]byte, cryptocore.KeyLen) - cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen) + cc := cryptocore.New(key, cryptocore.BackendOpenSSL, DefaultIVBits) f := New(cc, DefaultBS) b := f.CipherOffToBlockNo(788) diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go index c15cd44..295d011 100644 --- a/internal/fusefrontend/fs.go +++ b/internal/fusefrontend/fs.go @@ -37,7 +37,7 @@ type FS struct { // Encrypted FUSE overlay filesystem func NewFS(args Args) *FS { - cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.IVBitLen) + cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits) contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS) nameTransform := nametransform.New(cryptoCore, args.LongNames) diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go index cfe23b6..06ca07e 100644 --- a/internal/fusefrontend_reverse/rfs.go +++ b/internal/fusefrontend_reverse/rfs.go @@ -44,7 +44,7 @@ type reverseFS struct { // Encrypted FUSE overlay filesystem func NewFS(args fusefrontend.Args) *reverseFS { - cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.IVBitLen) + cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits) contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS) nameTransform := nametransform.New(cryptoCore, args.LongNames) |