-rw-r--r--internal/configfile/config_file.go2
-rw-r--r--internal/contentenc/content.go17
-rw-r--r--internal/fusefrontend/file.go2
-rw-r--r--internal/fusefrontend/fs.go2
4 files changed, 16 insertions, 7 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 32e7e66..74f506f 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -168,7 +168,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
// Lock master key using password-based key
cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96)
ce := contentenc.New(cc, 4096)
- cf.EncryptedKey = ce.EncryptBlock(key, 0, nil, contentenc.RandomNonce)
+ cf.EncryptedKey = ce.EncryptBlock(key, 0, nil, contentenc.RandomNonce, nil)
}
// WriteFile - write out config in JSON format to file "filename.tmp"
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 98037d0..5a628c8 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -22,6 +22,7 @@ const (
_ = iota // skip zero
RandomNonce NonceMode = iota
ReverseDeterministicNonce NonceMode = iota
+ ExternalNonce NonceMode = iota
)
type ContentEnc struct {
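Review bot: `ExternalNonce` is added to the `NonceMode` constants without a comment, so its contract can only be learned by reading `EncryptBlock`. A line such as `// ExternalNonce: the caller passes the nonce in externalNonce (exactly cryptoCore.IVLen bytes); allowed with the GCM-SIV backend only` at the constant would state it where callers look first. The same gap exists in the `@@ -132` hunk: the comment above `EncryptBlock` still reads "encryptBlock - Encrypt and add IV and MAC" and does not mention the new `externalNonce` parameter. As far as the visible hunks show, that parameter is read only in the `ExternalNonce` case, and every updated call site passes `nil`.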
@@ -46,7 +47,7 @@ func New(cc *cryptocore.CryptoCore, plainBS uint64) *ContentEnc {
plainBS: plainBS,
cipherBS: cipherBS,
allZeroBlock: make([]byte, cipherBS),
- allZeroNonce: make([]byte, IVBitLen/8),
+ allZeroNonce: make([]byte, cc.IVLen),
}
}
@@ -132,14 +133,14 @@ func (be *ContentEnc) EncryptBlocks(plaintext []byte, firstBlockNo uint64, fileI
var outBuf bytes.Buffer
for blockNo := firstBlockNo; inBuf.Len() > 0; blockNo++ {
inBlock := inBuf.Next(int(be.plainBS))
- outBlock := be.EncryptBlock(inBlock, blockNo, fileId, nMode)
+ outBlock := be.EncryptBlock(inBlock, blockNo, fileId, nMode, nil)
outBuf.Write(outBlock)
}
return outBuf.Bytes()
}
// encryptBlock - Encrypt and add IV and MAC
-func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte, nMode NonceMode) []byte {
+func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte, nMode NonceMode, externalNonce []byte) []byte {
// Empty block?
if len(plaintext) == 0 {
return plaintext
@@ -147,11 +148,16 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by
var nonce []byte
switch nMode {
+ case ExternalNonce:
+ if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
+ panic("MUST NOT use deterministic nonces unless in GCMSIV mode!")
+ }
+ nonce = externalNonce
case ReverseDeterministicNonce:
if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
panic("MUST NOT use deterministic nonces unless in GCMSIV mode!")
}
- l := IVBitLen / 8
+ l := be.cryptoCore.IVLen
nonce = make([]byte, l)
copy(nonce, fileID)
// Add the block number to the last 8 byte. Plus one so the block-zero
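Review bot: In the new `ExternalNonce` case, `nonce = externalNonce` aliases the caller's slice instead of copying it. If the code after this hunk appends to or writes through `nonce` (not visible here), a slice with spare capacity would have the caller's backing array modified. `nonce = append([]byte(nil), externalNonce...)` avoids that for one small allocation. The panic text is copied verbatim from the `ReverseDeterministicNonce` case, so a crash does not show which mode triggered it; a distinct message would help. `EncryptBlock` starts and ends outside this hunk.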
@@ -164,6 +170,9 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by
default:
panic("invalid nonce mode")
}
+ if len(nonce) != be.cryptoCore.IVLen {
+ panic("wrong nonce length")
+ }
// Authenticate block with block number and file ID
aData := make([]byte, 8)
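Review bot: The added length check is the only validation a caller-supplied `externalNonce` receives (a nil slice in `ExternalNonce` mode also ends up here), and `panic("wrong nonce length")` does not report the lengths involved. Including both values, e.g. `panic(fmt.Sprintf("wrong nonce length: got %d, want %d", len(nonce), be.cryptoCore.IVLen))`, would make the crash diagnosable from the log alone. This assumes `fmt` is importable in content.go, which the hunk does not show. The function body continues outside the hunk.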
diff --git a/internal/fusefrontend/file.go b/internal/fusefrontend/file.go
index b9edc76..aca7d90 100644
--- a/internal/fusefrontend/file.go
+++ b/internal/fusefrontend/file.go
@@ -256,7 +256,7 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) {
// Encrypt
blockOffset := b.BlockCipherOff()
- blockData = f.contentEnc.EncryptBlock(blockData, b.BlockNo, f.header.Id, contentenc.RandomNonce)
+ blockData = f.contentEnc.EncryptBlock(blockData, b.BlockNo, f.header.Id, contentenc.RandomNonce, nil)
tlog.Debug.Printf("ino%d: Writing %d bytes to block #%d",
f.ino, uint64(len(blockData))-f.contentEnc.BlockOverhead(), b.BlockNo)
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index f68f0f9..c15cd44 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -326,7 +326,7 @@ func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (co
return fuse.ToStatus(err)
}
// Symlinks are encrypted like file contents (GCM) and base64-encoded
- cBinTarget := fs.contentEnc.EncryptBlock([]byte(target), 0, nil, contentenc.RandomNonce)
+ cBinTarget := fs.contentEnc.EncryptBlock([]byte(target), 0, nil, contentenc.RandomNonce, nil)
cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
// Handle long file name