summaryrefslogtreecommitdiff
path: root/main.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2015-12-19 14:41:39 +0100
committerJakob Unterwurzacher2015-12-19 15:02:29 +0100
commit1caa9258685fa5fad8935d3bfcd0eac7d7f84f1e (patch)
treeabc1e46f269f9ef8f05d812e13fcdf2bae68d298 /main.go
parent88826dc51d7919ef8b190c079955230e653323e2 (diff)
Increase GCM IV size from 96 to 128 bits
This pushes back the birthday bound for collisions to make it virtually irrelevant.
Diffstat (limited to 'main.go')
-rw-r--r--main.go5
1 files changed, 4 insertions, 1 deletions
diff --git a/main.go b/main.go
index 49b13d1..7013f07 100644
--- a/main.go
+++ b/main.go
@@ -35,7 +35,7 @@ const (
type argContainer struct {
debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
- plaintextnames, quiet, diriv, emenames bool
+ plaintextnames, quiet, diriv, emenames, gcmiv128 bool
masterkey, mountpoint, cipherdir, cpuprofile, config, extpass string
notifypid, scryptn int
}
@@ -149,6 +149,7 @@ func main() {
flagSet.BoolVar(&args.quiet, "q", false, "Quiet - silence informational messages")
flagSet.BoolVar(&args.diriv, "diriv", true, "Use per-directory file name IV")
flagSet.BoolVar(&args.emenames, "emenames", true, "Use EME filename encryption. This option implies diriv.")
+ flagSet.BoolVar(&args.gcmiv128, "gcmiv128", true, "Use an 128-bit IV for GCM encryption instead of Go's default of 96 bits")
flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key")
flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file")
flagSet.StringVar(&args.config, "config", "", "Use specified config file instead of CIPHERDIR/gocryptfs.conf")
@@ -293,6 +294,7 @@ func pathfsFrontend(key []byte, args argContainer, confFile *cryptfs.ConfFile) *
PlaintextNames: args.plaintextnames,
DirIV: args.diriv,
EMENames: args.emenames,
+ GCMIV128: args.gcmiv128,
}
// confFile is nil when "-zerokey" or "-masterkey" was used
if confFile != nil {
@@ -300,6 +302,7 @@ func pathfsFrontend(key []byte, args argContainer, confFile *cryptfs.ConfFile) *
frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(cryptfs.FlagPlaintextNames)
frontendArgs.DirIV = confFile.IsFeatureFlagSet(cryptfs.FlagDirIV)
frontendArgs.EMENames = confFile.IsFeatureFlagSet(cryptfs.FlagEMENames)
+ frontendArgs.GCMIV128 = confFile.IsFeatureFlagSet(cryptfs.FlagGCMIV128)
}
// EMENames implies DirIV, both on the command line and in the config file.
if frontendArgs.EMENames {
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-23 20:02:29 +0000