aboutsummaryrefslogtreecommitdiff
path: root/internal/contentenc
diff options
context:
space:
mode:
authorJakob Unterwurzacher2016-09-20 21:58:04 +0200
committerJakob Unterwurzacher2016-09-25 16:43:17 +0200
commit7f87ed78f2f27831f2fa9409106846e3288c6f6e (patch)
treeb756236a7a9fcfce9f20eeee5ce4ba7aa51b00d9 /internal/contentenc
parentd1762c5b95c3279b0a2dfa3df5c99fe59922b666 (diff)
cryptocore: add support for GCM-SIV
Diffstat (limited to 'internal/contentenc')
-rw-r--r--internal/contentenc/content.go8
-rw-r--r--internal/contentenc/content_test.go6
2 files changed, 8 insertions, 6 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 375221a..e132536 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -14,6 +14,8 @@ import (
const (
// Default plaintext block size
DefaultBS = 4096
+ // We always use 128-bit IVs for file content encryption
+ IVBitLen = 128
)
type ContentEnc struct {
@@ -100,7 +102,7 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []b
aData := make([]byte, 8)
aData = append(aData, fileId...)
binary.BigEndian.PutUint64(aData, blockNo)
- plaintext, err := be.cryptoCore.Gcm.Open(plaintext, nonce, ciphertext, aData)
+ plaintext, err := be.cryptoCore.AEADCipher.Open(plaintext, nonce, ciphertext, aData)
if err != nil {
tlog.Warn.Printf("DecryptBlock: %s, len=%d", err.Error(), len(ciphertextOrig))
@@ -133,7 +135,7 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by
}
// Get fresh nonce
- nonce := be.cryptoCore.GcmIVGen.Get()
+ nonce := be.cryptoCore.IVGenerator.Get()
// Authenticate block with block number and file ID
aData := make([]byte, 8)
@@ -141,7 +143,7 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by
aData = append(aData, fileID...)
// Encrypt plaintext and append to nonce
- ciphertext := be.cryptoCore.Gcm.Seal(nonce, nonce, plaintext, aData)
+ ciphertext := be.cryptoCore.AEADCipher.Seal(nonce, nonce, plaintext, aData)
return ciphertext
}
diff --git a/internal/contentenc/content_test.go b/internal/contentenc/content_test.go
index 299c8c8..faa2780 100644
--- a/internal/contentenc/content_test.go
+++ b/internal/contentenc/content_test.go
@@ -23,7 +23,7 @@ func TestSplitRange(t *testing.T) {
testRange{6654, 8945})
key := make([]byte, cryptocore.KeyLen)
- cc := cryptocore.New(key, true, true)
+ cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen)
f := New(cc, DefaultBS)
for _, r := range ranges {
@@ -51,7 +51,7 @@ func TestCiphertextRange(t *testing.T) {
testRange{6654, 8945})
key := make([]byte, cryptocore.KeyLen)
- cc := cryptocore.New(key, true, true)
+ cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen)
f := New(cc, DefaultBS)
for _, r := range ranges {
@@ -74,7 +74,7 @@ func TestCiphertextRange(t *testing.T) {
func TestBlockNo(t *testing.T) {
key := make([]byte, cryptocore.KeyLen)
- cc := cryptocore.New(key, true, true)
+ cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen)
f := New(cc, DefaultBS)
b := f.CipherOffToBlockNo(788)