summaryrefslogtreecommitdiff
path: root/mount.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2021-08-23 22:10:23 +0200
committerJakob Unterwurzacher2021-08-23 22:10:23 +0200
commit806334eacf2e50d712844761aca2b11014ec99df (patch)
tree5d531146e92f7770a02e03107afdcb2fcc7a0ab1 /mount.go
parentb12ad292d4dfef1c00567fe3def7e73461d3c217 (diff)
cryptocore: add NonceSize to AEADTypeEnum
Have the information in one centralized place, and access it from main as needed.
Diffstat (limited to 'mount.go')
-rw-r--r--mount.go24
1 files changed, 9 insertions, 15 deletions
diff --git a/mount.go b/mount.go
index f8347f1..44d5878 100644
--- a/mount.go
+++ b/mount.go
@@ -292,24 +292,18 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
frontendArgs.DeterministicNames = !confFile.IsFeatureFlagSet(configfile.FlagDirIV)
args.raw64 = confFile.IsFeatureFlagSet(configfile.FlagRaw64)
args.hkdf = confFile.IsFeatureFlagSet(configfile.FlagHKDF)
- if confFile.IsFeatureFlagSet(configfile.FlagAESSIV) {
- cryptoBackend = cryptocore.BackendAESSIV
- IVBits = contentenc.DefaultIVBits
- } else if args.reverse {
+ cryptoBackend, err = confFile.ContentEncryption()
+ if err != nil {
+ tlog.Fatal.Printf("%v", err)
+ os.Exit(exitcodes.DeprecatedFS)
+ }
+ IVBits = cryptoBackend.NonceSize * 8
+ if cryptoBackend != cryptocore.BackendAESSIV && args.reverse {
tlog.Fatal.Printf("AES-SIV is required by reverse mode, but not enabled in the config file")
os.Exit(exitcodes.Usage)
}
- if confFile.IsFeatureFlagSet(configfile.FlagXChaCha20Poly1305) {
- cryptoBackend = cryptocore.BackendXChaCha20Poly1305
- IVBits = chacha20poly1305.NonceSizeX * 8
- }
- // If neither AES-SIV nor XChaCha are selected, we must be using AES-GCM
- if !confFile.IsFeatureFlagSet(configfile.FlagAESSIV) && !confFile.IsFeatureFlagSet(configfile.FlagXChaCha20Poly1305) {
- cryptoBackend = cryptocore.BackendGoGCM
- if args.openssl {
- cryptoBackend = cryptocore.BackendOpenSSL
- }
- IVBits = contentenc.DefaultIVBits
+ if cryptoBackend == cryptocore.BackendGoGCM && args.openssl {
+ cryptoBackend = cryptocore.BackendOpenSSL
}
}
// If allow_other is set and we run as root, try to give newly created files to