diff options
author | Jakob Unterwurzacher | 2016-09-25 11:20:10 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2016-09-25 16:43:17 +0200 |
commit | 7bbf6ad6eae47974b1162af13915785a541b9bb9 (patch) | |
tree | 88371ab9828c0dd415d78db1999267afd5432913 /internal/contentenc/content.go | |
parent | 3a9bd92754e3b6984c97f7012fd5f030d7f8e46c (diff) |
reverse: derive file ID and block IVs from file paths
Diffstat (limited to 'internal/contentenc/content.go')
-rw-r--r-- | internal/contentenc/content.go | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index c638221..98037d0 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -19,9 +19,9 @@ const ( // We always use 128-bit IVs for file content encryption IVBitLen = 128 - _ = iota // skip zero - RandomNonce NonceMode = iota - ReverseDummyNonce NonceMode = iota + _ = iota // skip zero + RandomNonce NonceMode = iota + ReverseDeterministicNonce NonceMode = iota ) type ContentEnc struct { @@ -147,12 +147,17 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by var nonce []byte switch nMode { - case ReverseDummyNonce: + case ReverseDeterministicNonce: if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV { - panic("MUST NOT use dummy nonces unless in GCMSIV mode!") + panic("MUST NOT use deterministic nonces unless in GCMSIV mode!") } - nonce = make([]byte, IVBitLen/8) - binary.BigEndian.PutUint64(nonce, blockNo) + l := IVBitLen / 8 + nonce = make([]byte, l) + copy(nonce, fileID) + // Add the block number to the last 8 byte. Plus one so the block-zero + // IV is distinct from the fileID. + counter := binary.BigEndian.Uint64(nonce[l-8 : l]) + binary.BigEndian.PutUint64(nonce[l-8:l], counter+blockNo+1) case RandomNonce: // Get a fresh random nonce nonce = be.cryptoCore.IVGenerator.Get() |