diff options
| author | Jakob Unterwurzacher | 2016-09-25 11:20:10 +0200 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2016-09-25 16:43:17 +0200 | 
| commit | 7bbf6ad6eae47974b1162af13915785a541b9bb9 (patch) | |
| tree | 88371ab9828c0dd415d78db1999267afd5432913 /internal/contentenc | |
| parent | 3a9bd92754e3b6984c97f7012fd5f030d7f8e46c (diff) | |
reverse: derive file ID and block IVs from file paths
Diffstat (limited to 'internal/contentenc')
| -rw-r--r-- | internal/contentenc/content.go | 19 | 
1 files changed, 12 insertions, 7 deletions
| diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index c638221..98037d0 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -19,9 +19,9 @@ const (  	// We always use 128-bit IVs for file content encryption  	IVBitLen = 128 -	_                           = iota // skip zero -	RandomNonce       NonceMode = iota -	ReverseDummyNonce NonceMode = iota +	_                                   = iota // skip zero +	RandomNonce               NonceMode = iota +	ReverseDeterministicNonce NonceMode = iota  )  type ContentEnc struct { @@ -147,12 +147,17 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by  	var nonce []byte  	switch nMode { -	case ReverseDummyNonce: +	case ReverseDeterministicNonce:  		if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV { -			panic("MUST NOT use dummy nonces unless in GCMSIV mode!") +			panic("MUST NOT use deterministic nonces unless in GCMSIV mode!")  		} -		nonce = make([]byte, IVBitLen/8) -		binary.BigEndian.PutUint64(nonce, blockNo) +		l := IVBitLen / 8 +		nonce = make([]byte, l) +		copy(nonce, fileID) +		// Add the block number to the last 8 byte. Plus one so the block-zero +		// IV is distinct from the fileID. +		counter := binary.BigEndian.Uint64(nonce[l-8 : l]) +		binary.BigEndian.PutUint64(nonce[l-8:l], counter+blockNo+1)  	case RandomNonce:  		// Get a fresh random nonce  		nonce = be.cryptoCore.IVGenerator.Get() | 
