diff options
| author | Jakob Unterwurzacher | 2016-09-20 21:58:04 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2016-09-25 16:43:17 +0200 |
| commit | 7f87ed78f2f27831f2fa9409106846e3288c6f6e (patch) | |
| tree | b756236a7a9fcfce9f20eeee5ce4ba7aa51b00d9 /internal/contentenc | |
| parent | d1762c5b95c3279b0a2dfa3df5c99fe59922b666 (diff) | |
cryptocore: add support for GCM-SIV
Diffstat (limited to 'internal/contentenc')
| -rw-r--r-- | internal/contentenc/content.go | 8 | ||||
| -rw-r--r-- | internal/contentenc/content_test.go | 6 |
2 files changed, 8 insertions, 6 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 375221a..e132536 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -14,6 +14,8 @@ import ( const ( // Default plaintext block size DefaultBS = 4096 + // We always use 128-bit IVs for file content encryption + IVBitLen = 128 ) type ContentEnc struct { @@ -100,7 +102,7 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []b aData := make([]byte, 8) aData = append(aData, fileId...) binary.BigEndian.PutUint64(aData, blockNo) - plaintext, err := be.cryptoCore.Gcm.Open(plaintext, nonce, ciphertext, aData) + plaintext, err := be.cryptoCore.AEADCipher.Open(plaintext, nonce, ciphertext, aData) if err != nil { tlog.Warn.Printf("DecryptBlock: %s, len=%d", err.Error(), len(ciphertextOrig)) @@ -133,7 +135,7 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by } // Get fresh nonce - nonce := be.cryptoCore.GcmIVGen.Get() + nonce := be.cryptoCore.IVGenerator.Get() // Authenticate block with block number and file ID aData := make([]byte, 8) @@ -141,7 +143,7 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by aData = append(aData, fileID...) // Encrypt plaintext and append to nonce - ciphertext := be.cryptoCore.Gcm.Seal(nonce, nonce, plaintext, aData) + ciphertext := be.cryptoCore.AEADCipher.Seal(nonce, nonce, plaintext, aData) return ciphertext } diff --git a/internal/contentenc/content_test.go b/internal/contentenc/content_test.go index 299c8c8..faa2780 100644 --- a/internal/contentenc/content_test.go +++ b/internal/contentenc/content_test.go @@ -23,7 +23,7 @@ func TestSplitRange(t *testing.T) { testRange{6654, 8945}) key := make([]byte, cryptocore.KeyLen) - cc := cryptocore.New(key, true, true) + cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen) f := New(cc, DefaultBS) for _, r := range ranges { @@ -51,7 +51,7 @@ func TestCiphertextRange(t *testing.T) { testRange{6654, 8945}) key := make([]byte, cryptocore.KeyLen) - cc := cryptocore.New(key, true, true) + cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen) f := New(cc, DefaultBS) for _, r := range ranges { @@ -74,7 +74,7 @@ func TestCiphertextRange(t *testing.T) { func TestBlockNo(t *testing.T) { key := make([]byte, cryptocore.KeyLen) - cc := cryptocore.New(key, true, true) + cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen) f := New(cc, DefaultBS) b := f.CipherOffToBlockNo(788) |