aboutsummaryrefslogtreecommitdiff
path: root/internal/configfile
diff options
context:
space:
mode:
authorJakob Unterwurzacher2016-09-20 21:58:04 +0200
committerJakob Unterwurzacher2016-09-25 16:43:17 +0200
commit7f87ed78f2f27831f2fa9409106846e3288c6f6e (patch)
treeb756236a7a9fcfce9f20eeee5ce4ba7aa51b00d9 /internal/configfile
parentd1762c5b95c3279b0a2dfa3df5c99fe59922b666 (diff)
cryptocore: add support for GCM-SIV
Diffstat (limited to 'internal/configfile')
-rw-r--r--internal/configfile/config_file.go4
-rw-r--r--internal/configfile/feature_flags.go4
2 files changed, 5 insertions, 3 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index b36980f..178890b 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -139,7 +139,7 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
// Unlock master key using password-based key
// We use stock go GCM instead of OpenSSL here as we only use 96-bit IVs,
// speed is not important and we get better error messages
- cc := cryptocore.New(scryptHash, false, false)
+ cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96)
ce := contentenc.New(cc, 4096)
tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password
@@ -163,7 +163,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
scryptHash := cf.ScryptObject.DeriveKey(password)
// Lock master key using password-based key
- cc := cryptocore.New(scryptHash, false, false)
+ cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96)
ce := contentenc.New(cc, 4096)
cf.EncryptedKey = ce.EncryptBlock(key, 0, nil)
}
diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go
index bac8ce8..90b8c22 100644
--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@@ -8,6 +8,7 @@ const (
FlagEMENames
FlagGCMIV128
FlagLongNames
+ FlagGCMSIV
)
// knownFlags stores the known feature flags and their string representation
@@ -17,6 +18,7 @@ var knownFlags map[flagIota]string = map[flagIota]string{
FlagEMENames: "EMENames",
FlagGCMIV128: "GCMIV128",
FlagLongNames: "LongNames",
+ FlagGCMSIV: "GCMSIV",
}
// Filesystems that do not have these feature flags set are deprecated.
@@ -27,7 +29,7 @@ var requiredFlagsNormal []flagIota = []flagIota{
}
// Filesystems without filename encryption obviously don't have or need the
-// related feature flags.
+// filename related feature flags.
var requiredFlagsPlaintextNames []flagIota = []flagIota{
FlagGCMIV128,
}