diff options
author | Jakob Unterwurzacher | 2016-09-25 17:42:59 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2016-09-25 17:44:19 +0200 |
commit | 12808138ef105824de97924a585ad66bacb3a18b (patch) | |
tree | e5f5528db823b238986df6eec47578ca4d1e0dda /internal/contentenc | |
parent | 32e55261ca7a972a2ea2651c142022947cbe043f (diff) |
contentenc: add "ExternalNonce" mode
This will be used for strong symlink encryption in reverse mode.
Diffstat (limited to 'internal/contentenc')
-rw-r--r-- | internal/contentenc/content.go | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 98037d0..5a628c8 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -22,6 +22,7 @@ const ( _ = iota // skip zero RandomNonce NonceMode = iota ReverseDeterministicNonce NonceMode = iota + ExternalNonce NonceMode = iota ) type ContentEnc struct { @@ -46,7 +47,7 @@ func New(cc *cryptocore.CryptoCore, plainBS uint64) *ContentEnc { plainBS: plainBS, cipherBS: cipherBS, allZeroBlock: make([]byte, cipherBS), - allZeroNonce: make([]byte, IVBitLen/8), + allZeroNonce: make([]byte, cc.IVLen), } } @@ -132,14 +133,14 @@ func (be *ContentEnc) EncryptBlocks(plaintext []byte, firstBlockNo uint64, fileI var outBuf bytes.Buffer for blockNo := firstBlockNo; inBuf.Len() > 0; blockNo++ { inBlock := inBuf.Next(int(be.plainBS)) - outBlock := be.EncryptBlock(inBlock, blockNo, fileId, nMode) + outBlock := be.EncryptBlock(inBlock, blockNo, fileId, nMode, nil) outBuf.Write(outBlock) } return outBuf.Bytes() } // encryptBlock - Encrypt and add IV and MAC -func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte, nMode NonceMode) []byte { +func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte, nMode NonceMode, externalNonce []byte) []byte { // Empty block? if len(plaintext) == 0 { return plaintext @@ -147,11 +148,16 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by var nonce []byte switch nMode { + case ExternalNonce: + if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV { + panic("MUST NOT use deterministic nonces unless in GCMSIV mode!") + } + nonce = externalNonce case ReverseDeterministicNonce: if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV { panic("MUST NOT use deterministic nonces unless in GCMSIV mode!") } - l := IVBitLen / 8 + l := be.cryptoCore.IVLen nonce = make([]byte, l) copy(nonce, fileID) // Add the block number to the last 8 byte. Plus one so the block-zero @@ -164,6 +170,9 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by default: panic("invalid nonce mode") } + if len(nonce) != be.cryptoCore.IVLen { + panic("wrong nonce length") + } // Authenticate block with block number and file ID aData := make([]byte, 8) |