authorJakob Unterwurzacher2015-12-19 14:41:39 +0100
committerJakob Unterwurzacher2015-12-19 15:02:29 +0100
commit1caa9258685fa5fad8935d3bfcd0eac7d7f84f1e (patch)
treeabc1e46f269f9ef8f05d812e13fcdf2bae68d298 /cryptfs/config_file.go
parent88826dc51d7919ef8b190c079955230e653323e2 (diff)
Increase GCM IV size from 96 to 128 bits
This pushes back the birthday bound for collisions to make it virtually irrelevant.
Diffstat (limited to 'cryptfs/config_file.go')
-rw-r--r--cryptfs/config_file.go11
1 files changed, 7 insertions, 4 deletions
diff --git a/cryptfs/config_file.go b/cryptfs/config_file.go
index 48e5474..138426a 100644
--- a/cryptfs/config_file.go
+++ b/cryptfs/config_file.go
@@ -46,6 +46,7 @@ func CreateConfFile(filename string, password string, plaintextNames bool, logN
cf.EncryptKey(key, password, logN)
// Set feature flags
+ cf.FeatureFlags = append(cf.FeatureFlags, FlagGCMIV128)
if plaintextNames {
cf.FeatureFlags = append(cf.FeatureFlags, FlagPlaintextNames)
} else {
@@ -94,7 +95,7 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
// Unlock master key using password-based key
// We use stock go GCM instead of OpenSSL here as speed is not important
// and we get better error messages
- cfs := NewCryptFS(scryptHash, false, false)
+ cfs := NewCryptFS(scryptHash, false, false, false)
key, err := cfs.DecryptBlock(cf.EncryptedKey, 0, nil)
if err != nil {
Warn.Printf("failed to unlock master key: %s\n", err.Error())
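Review bot: The call `NewCryptFS(scryptHash, false, false, false)` in LoadConfFile now passes three unnamed booleans, and nothing at the call site says that the new fourth argument is deliberately off for the master-key wrap. That argument is presumably the 128-bit GCM IV switch, but the NewCryptFS signature is not visible here. The identical call in EncryptKey in the next hunk has the same gap. If it does select the IV length, a later change that makes it follow the volume's feature flags would stop existing config files from unlocking, so a comment such as `// The master key is always wrapped with a 96-bit IV, independent of FlagGCMIV128` on both calls would help. LoadConfFile starts and ends outside the hunk.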
@@ -115,7 +116,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
scryptHash := cf.ScryptObject.DeriveKey(password)
// Lock master key using password-based key
- cfs := NewCryptFS(scryptHash, false, false)
+ cfs := NewCryptFS(scryptHash, false, false, false)
cf.EncryptedKey = cfs.EncryptBlock(key, 0, nil)
}
@@ -155,16 +156,18 @@ func (cf *ConfFile) WriteFile() error {
const (
// Understood Feature Flags.
- // Also teach isFeatureFlagKnown() about any additions
+ // Also teach isFeatureFlagKnown() about any additions and
+ // add it to CreateConfFile() if you want to have it enabled by default.
FlagPlaintextNames = "PlaintextNames"
FlagDirIV = "DirIV"
FlagEMENames = "EMENames"
+ FlagGCMIV128 = "GCMIV128"
)
// Verify that we understand a feature flag
func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
switch flag {
- case FlagPlaintextNames, FlagDirIV, FlagEMENames:
+ case FlagPlaintextNames, FlagDirIV, FlagEMENames, FlagGCMIV128:
return true
default:
return false
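Review bot: `FlagGCMIV128` is added to the const block without a comment saying which on-disk property it stands for, although this flag is what records the IV length a volume was written with. A one-line comment such as `// FlagGCMIV128: file content blocks use 128-bit instead of 96-bit GCM IVs` would cover it (wording inferred from the commit title, please confirm). The flag list is also kept in sync by hand in three places: the const block, the `case` in isFeatureFlagKnown, and CreateConfFile. A flag missing from the `case` is presumably rejected, but one missing from CreateConfFile silently creates volumes without the feature, so a test asserting that a new config file carries `FlagGCMIV128` is worth adding. isFeatureFlagKnown's body ends outside the hunk.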