Add partial XChaCha20-Poly1305 support (mount flag only)

Mount flag only at the moment, not saved to gocryptfs.conf. https://github.com/rfjakob/gocryptfs/issues/452
author: Jakob Unterwurzacher 2021-08-21 12:08:37 +0200
committer: Jakob Unterwurzacher 2021-08-23 16:00:41 +0200
commit: 4764a9bde093f6b61d0370653c6c9d12949ed145 (patch)
tree: d71078f71ed3eb0c855e54a13e37b5051ca1bc94 /mount.go
parent: b02812f8b3609403e36c0c182fd2f01537dd6e82 (diff)
1 files changed, 21 insertions, 1 deletions
diff --git a/mount.go b/mount.go
index 810f008..f8347f1 100644
--- a/mount.go
+++ b/mount.go
@@ -19,6 +19,8 @@ import (
 	"syscall"
 	"time"
 
+	"golang.org/x/crypto/chacha20poly1305"
+
 	"github.com/hanwen/go-fuse/v2/fs"
 	"github.com/hanwen/go-fuse/v2/fuse"
 
@@ -249,12 +251,17 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
 	// Reconciliate CLI and config file arguments into a fusefrontend.Args struct
 	// that is passed to the filesystem implementation
 	cryptoBackend := cryptocore.BackendGoGCM
+	IVBits := contentenc.DefaultIVBits
 	if args.openssl {
 		cryptoBackend = cryptocore.BackendOpenSSL
 	}
 	if args.aessiv {
 		cryptoBackend = cryptocore.BackendAESSIV
 	}
+	if args.xchacha {
+		cryptoBackend = cryptocore.BackendXChaCha20Poly1305
+		IVBits = chacha20poly1305.NonceSizeX * 8
+	}
 	// forceOwner implies allow_other, as documented.
 	// Set this early, so args.allow_other can be relied on below this point.
 	if args._forceOwner != nil {
@@ -287,10 +294,23 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
 		args.hkdf = confFile.IsFeatureFlagSet(configfile.FlagHKDF)
 		if confFile.IsFeatureFlagSet(configfile.FlagAESSIV) {
 			cryptoBackend = cryptocore.BackendAESSIV
+			IVBits = contentenc.DefaultIVBits
 		} else if args.reverse {
 			tlog.Fatal.Printf("AES-SIV is required by reverse mode, but not enabled in the config file")
 			os.Exit(exitcodes.Usage)
 		}
+		if confFile.IsFeatureFlagSet(configfile.FlagXChaCha20Poly1305) {
+			cryptoBackend = cryptocore.BackendXChaCha20Poly1305
+			IVBits = chacha20poly1305.NonceSizeX * 8
+		}
+		// If neither AES-SIV nor XChaCha are selected, we must be using AES-GCM
+		if !confFile.IsFeatureFlagSet(configfile.FlagAESSIV) && !confFile.IsFeatureFlagSet(configfile.FlagXChaCha20Poly1305) {
+			cryptoBackend = cryptocore.BackendGoGCM
+			if args.openssl {
+				cryptoBackend = cryptocore.BackendOpenSSL
+			}
+			IVBits = contentenc.DefaultIVBits
+		}
 	}
 	// If allow_other is set and we run as root, try to give newly created files to
 	// the right user.
@@ -299,7 +319,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
 	}
 
 	// Init crypto backend
-	cCore := cryptocore.New(masterkey, cryptoBackend, contentenc.DefaultIVBits, args.hkdf, args.forcedecode)
+	cCore := cryptocore.New(masterkey, cryptoBackend, IVBits, args.hkdf, args.forcedecode)
 	cEnc := contentenc.New(cCore, contentenc.DefaultBS, args.forcedecode)
 	nameTransform := nametransform.New(cCore.EMECipher, frontendArgs.LongNames,
 		args.raw64, []string(args.badname), frontendArgs.DeterministicNames)
author	Jakob Unterwurzacher	2021-08-21 12:08:37 +0200
committer	Jakob Unterwurzacher	2021-08-23 16:00:41 +0200
commit	4764a9bde093f6b61d0370653c6c9d12949ed145 (patch)
tree	d71078f71ed3eb0c855e54a13e37b5051ca1bc94 /mount.go
parent	b02812f8b3609403e36c0c182fd2f01537dd6e82 (diff)