author | Jakob Unterwurzacher | 2016-09-20 21:58:04 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2016-09-25 16:43:17 +0200 |
commit | 7f87ed78f2f27831f2fa9409106846e3288c6f6e (patch) | |
tree | b756236a7a9fcfce9f20eeee5ce4ba7aa51b00d9 /internal/configfile | |
parent | d1762c5b95c3279b0a2dfa3df5c99fe59922b666 (diff) |
cryptocore: add support for GCM-SIV
Diffstat (limited to 'internal/configfile')
-rw-r--r-- | internal/configfile/config_file.go | 4 | ||||
-rw-r--r-- | internal/configfile/feature_flags.go | 4 |
2 files changed, 5 insertions, 3 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index b36980f..178890b 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -139,7 +139,7 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 // Unlock master key using password-based key
 // We use stock go GCM instead of OpenSSL here as we only use 96-bit IVs,
 // speed is not important and we get better error messages
- cc := cryptocore.New(scryptHash, false, false)
+ cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96)
 ce := contentenc.New(cc, 4096)
 tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password
@@ -163,7 +163,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
 scryptHash := cf.ScryptObject.DeriveKey(password)
 // Lock master key using password-based key
- cc := cryptocore.New(scryptHash, false, false)
+ cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96)
 ce := contentenc.New(cc, 4096)
 cf.EncryptedKey = ce.EncryptBlock(key, 0, nil)
 }
diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go
index bac8ce8..90b8c22 100644
--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@@ -8,6 +8,7 @@ const (
 FlagEMENames
 FlagGCMIV128
 FlagLongNames
+ FlagGCMSIV
 )
 // knownFlags stores the known feature flags and their string representation
@@ -17,6 +18,7 @@ var knownFlags map[flagIota]string = map[flagIota]string{
 FlagEMENames: "EMENames",
 FlagGCMIV128: "GCMIV128",
 FlagLongNames: "LongNames",
+ FlagGCMSIV: "GCMSIV",
 }
 // Filesystems that do not have these feature flags set are deprecated.
@@ -27,7 +29,7 @@ var requiredFlagsNormal []flagIota = []flagIota{
 }
 // Filesystems without filename encryption obviously don't have or need the
-// related feature flags.
+// filename related feature flags.
 var requiredFlagsPlaintextNames []flagIota = []flagIota{
 FlagGCMIV128,
 } |
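Review bot: The backend and IV size used to wrap the master key are now written out as literals twice, in LoadConfFile here and again in the EncryptKey hunk at -163, and the two calls must stay identical or an existing config file stops decrypting. A shared named constant would keep them in step, for example `const keyWrapIVBits = 96` (constructed name) passed as `cryptocore.New(scryptHash, cryptocore.BackendGoGCM, keyWrapIVBits)`. The rationale comment exists only above the LoadConfFile call; EncryptKey should carry the same note, e.g. `// Master key wrapping always uses Go GCM with 96-bit IVs; keep in sync with LoadConfFile`. Both functions continue outside their hunks, so whether `tlog.Warn.Enabled` is restored after the decrypt attempt cannot be checked from here.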
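Review bot: `FlagGCMSIV` is added to the const block and to `knownFlags` without a doc comment and without any visible rule for how it combines with `FlagGCMIV128`, which is still listed in `requiredFlagsPlaintextNames` (the body of `requiredFlagsNormal` is cut off by the hunk at -27). If GCM-SIV content encryption does not use 128-bit GCM IVs, the config loader should either document that both flags are expected together or reject inconsistent combinations. That check is not in this diff, which is limited to internal/configfile, so it may exist elsewhere. At minimum the constant deserves a comment such as `// FlagGCMSIV selects GCM-SIV for file content encryption` (wording to be confirmed against cryptocore).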