summaryrefslogtreecommitdiff
path: root/internal/contentenc
diff options
context:
space:
mode:
authorJakob Unterwurzacher2016-09-25 11:20:10 +0200
committerJakob Unterwurzacher2016-09-25 16:43:17 +0200
commit7bbf6ad6eae47974b1162af13915785a541b9bb9 (patch)
tree88371ab9828c0dd415d78db1999267afd5432913 /internal/contentenc
parent3a9bd92754e3b6984c97f7012fd5f030d7f8e46c (diff)
reverse: derive file ID and block IVs from file paths
Diffstat (limited to 'internal/contentenc')
-rw-r--r--internal/contentenc/content.go19
1 files changed, 12 insertions, 7 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index c638221..98037d0 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -19,9 +19,9 @@ const (
// We always use 128-bit IVs for file content encryption
IVBitLen = 128
- _ = iota // skip zero
- RandomNonce NonceMode = iota
- ReverseDummyNonce NonceMode = iota
+ _ = iota // skip zero
+ RandomNonce NonceMode = iota
+ ReverseDeterministicNonce NonceMode = iota
)
type ContentEnc struct {
@@ -147,12 +147,17 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by
var nonce []byte
switch nMode {
- case ReverseDummyNonce:
+ case ReverseDeterministicNonce:
if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
- panic("MUST NOT use dummy nonces unless in GCMSIV mode!")
+ panic("MUST NOT use deterministic nonces unless in GCMSIV mode!")
}
- nonce = make([]byte, IVBitLen/8)
- binary.BigEndian.PutUint64(nonce, blockNo)
+ l := IVBitLen / 8
+ nonce = make([]byte, l)
+ copy(nonce, fileID)
+ // Add the block number to the last 8 byte. Plus one so the block-zero
+ // IV is distinct from the fileID.
+ counter := binary.BigEndian.Uint64(nonce[l-8 : l])
+ binary.BigEndian.PutUint64(nonce[l-8:l], counter+blockNo+1)
case RandomNonce:
// Get a fresh random nonce
nonce = be.cryptoCore.IVGenerator.Get()