summaryrefslogtreecommitdiff
path: root/internal/contentenc
diff options
context:
space:
mode:
authorJakob Unterwurzacher2016-09-25 17:42:59 +0200
committerJakob Unterwurzacher2016-09-25 17:44:19 +0200
commit12808138ef105824de97924a585ad66bacb3a18b (patch)
treee5f5528db823b238986df6eec47578ca4d1e0dda /internal/contentenc
parent32e55261ca7a972a2ea2651c142022947cbe043f (diff)
contentenc: add "ExternalNonce" mode
This will be used for strong symlink encryption in reverse mode.
Diffstat (limited to 'internal/contentenc')
-rw-r--r--internal/contentenc/content.go17
1 files changed, 13 insertions, 4 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 98037d0..5a628c8 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -22,6 +22,7 @@ const (
_ = iota // skip zero
RandomNonce NonceMode = iota
ReverseDeterministicNonce NonceMode = iota
+ ExternalNonce NonceMode = iota
)
type ContentEnc struct {
@@ -46,7 +47,7 @@ func New(cc *cryptocore.CryptoCore, plainBS uint64) *ContentEnc {
plainBS: plainBS,
cipherBS: cipherBS,
allZeroBlock: make([]byte, cipherBS),
- allZeroNonce: make([]byte, IVBitLen/8),
+ allZeroNonce: make([]byte, cc.IVLen),
}
}
@@ -132,14 +133,14 @@ func (be *ContentEnc) EncryptBlocks(plaintext []byte, firstBlockNo uint64, fileI
var outBuf bytes.Buffer
for blockNo := firstBlockNo; inBuf.Len() > 0; blockNo++ {
inBlock := inBuf.Next(int(be.plainBS))
- outBlock := be.EncryptBlock(inBlock, blockNo, fileId, nMode)
+ outBlock := be.EncryptBlock(inBlock, blockNo, fileId, nMode, nil)
outBuf.Write(outBlock)
}
return outBuf.Bytes()
}
// encryptBlock - Encrypt and add IV and MAC
-func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte, nMode NonceMode) []byte {
+func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte, nMode NonceMode, externalNonce []byte) []byte {
// Empty block?
if len(plaintext) == 0 {
return plaintext
@@ -147,11 +148,16 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by
var nonce []byte
switch nMode {
+ case ExternalNonce:
+ if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
+ panic("MUST NOT use deterministic nonces unless in GCMSIV mode!")
+ }
+ nonce = externalNonce
case ReverseDeterministicNonce:
if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
panic("MUST NOT use deterministic nonces unless in GCMSIV mode!")
}
- l := IVBitLen / 8
+ l := be.cryptoCore.IVLen
nonce = make([]byte, l)
copy(nonce, fileID)
// Add the block number to the last 8 byte. Plus one so the block-zero
@@ -164,6 +170,9 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by
default:
panic("invalid nonce mode")
}
+ if len(nonce) != be.cryptoCore.IVLen {
+ panic("wrong nonce length")
+ }
// Authenticate block with block number and file ID
aData := make([]byte, 8)