diff options
author | Jakob Unterwurzacher | 2017-03-05 18:03:03 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-03-05 18:03:03 +0100 |
commit | b7328815183b7a4ff37156085fb78e8e86aff165 (patch) | |
tree | 650e24e8767ede99c76a5d78804de72f993eaf1a /internal | |
parent | a8d154765ab1cea4f21cd9f7dd0b4d6ba7183cca (diff) |
configfile: switch to 128-bit IVs for master key encryption
There is no security reason for doing this, but it will allow
to consolidate the code once we drop compatibility with gocryptfs v1.2
(and earlier) filesystems.
Diffstat (limited to 'internal')
-rw-r--r-- | internal/configfile/config_file.go | 14 | ||||
-rw-r--r-- | internal/contentenc/content.go | 3 | ||||
-rw-r--r-- | internal/cryptocore/cryptocore.go | 4 |
3 files changed, 14 insertions, 7 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go index 1233d8a..d28b1d4 100644 --- a/internal/configfile/config_file.go +++ b/internal/configfile/config_file.go @@ -154,9 +154,15 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) { scryptHash := cf.ScryptObject.DeriveKey(password) // Unlock master key using password-based key - // We use stock go GCM instead of OpenSSL here as we only use 96-bit IVs, - // speed is not important and we get better error messages - cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96) + // gocryptfs v1.2 and older used 96-bit IVs for master key encryption. + // v1.3 and up use 128 bits, which makes EncryptedKey longer (64 bytes). + IVLen := contentenc.DefaultIVBits + if len(cf.EncryptedKey) == 60 { + IVLen = 96 + } + // We use stock Go GCM instead of OpenSSL as speed is not + // important and we get better error messages + cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, IVLen) ce := contentenc.New(cc, 4096) tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password @@ -180,7 +186,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) { scryptHash := cf.ScryptObject.DeriveKey(password) // Lock master key using password-based key - cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96) + cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, contentenc.DefaultIVBits) ce := contentenc.New(cc, 4096) cf.EncryptedKey = ce.EncryptBlock(key, 0, nil) } diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 322163a..a2a263c 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -20,7 +20,8 @@ const ( DefaultBS = 4096 // DefaultIVBits is the default length of IV, in bits. // We always use 128-bit IVs for file content, but the - // key in the config file is encrypted with a 96-bit IV. + // master key in the config file is encrypted with a 96-bit IV for + // gocryptfs v1.2 and earlier. v1.3 switched to 128 bit. DefaultIVBits = 128 _ = iota // skip zero diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 735c409..7e1d238 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -49,8 +49,8 @@ type CryptoCore struct { // New returns a new CryptoCore object or panics. // // Even though the "GCMIV128" feature flag is now mandatory, we must still -// support 96-bit IVs here because they are used for encrypting the master -// key in gocryptfs.conf. +// support 96-bit IVs here because they were used for encrypting the master +// key in gocryptfs.conf up to gocryptfs v1.2. v1.3 switched to 128 bits. func New(key []byte, aeadType AEADTypeEnum, IVBitLen int) *CryptoCore { if len(key) != KeyLen { log.Panic(fmt.Sprintf("Unsupported key length %d", len(key))) |