summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--gocryptfs-xray/xray_main.go2
-rw-r--r--internal/contentenc/content.go5
-rw-r--r--internal/contentenc/content_test.go6
-rw-r--r--internal/fusefrontend/fs.go2
-rw-r--r--internal/fusefrontend_reverse/rfs.go2
5 files changed, 9 insertions, 8 deletions
diff --git a/gocryptfs-xray/xray_main.go b/gocryptfs-xray/xray_main.go
index 81e4c10..8ebed8e 100644
--- a/gocryptfs-xray/xray_main.go
+++ b/gocryptfs-xray/xray_main.go
@@ -12,7 +12,7 @@ import (
)
const (
- IVLen = contentenc.IVBitLen / 8
+ IVLen = contentenc.DefaultIVBits / 8
blockSize = contentenc.DefaultBS + IVLen + cryptocore.AuthTagLen
)
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 5a628c8..7561859 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -16,8 +16,9 @@ type NonceMode int
const (
// Default plaintext block size
DefaultBS = 4096
- // We always use 128-bit IVs for file content encryption
- IVBitLen = 128
+ // We always use 128-bit IVs for file content, but the
+ // key in the config file is encrypted with a 96-bit IV.
+ DefaultIVBits = 128
_ = iota // skip zero
RandomNonce NonceMode = iota
diff --git a/internal/contentenc/content_test.go b/internal/contentenc/content_test.go
index faa2780..70b71fe 100644
--- a/internal/contentenc/content_test.go
+++ b/internal/contentenc/content_test.go
@@ -23,7 +23,7 @@ func TestSplitRange(t *testing.T) {
testRange{6654, 8945})
key := make([]byte, cryptocore.KeyLen)
- cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen)
+ cc := cryptocore.New(key, cryptocore.BackendOpenSSL, DefaultIVBits)
f := New(cc, DefaultBS)
for _, r := range ranges {
@@ -51,7 +51,7 @@ func TestCiphertextRange(t *testing.T) {
testRange{6654, 8945})
key := make([]byte, cryptocore.KeyLen)
- cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen)
+ cc := cryptocore.New(key, cryptocore.BackendOpenSSL, DefaultIVBits)
f := New(cc, DefaultBS)
for _, r := range ranges {
@@ -74,7 +74,7 @@ func TestCiphertextRange(t *testing.T) {
func TestBlockNo(t *testing.T) {
key := make([]byte, cryptocore.KeyLen)
- cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen)
+ cc := cryptocore.New(key, cryptocore.BackendOpenSSL, DefaultIVBits)
f := New(cc, DefaultBS)
b := f.CipherOffToBlockNo(788)
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index c15cd44..295d011 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -37,7 +37,7 @@ type FS struct {
// Encrypted FUSE overlay filesystem
func NewFS(args Args) *FS {
- cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.IVBitLen)
+ cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
nameTransform := nametransform.New(cryptoCore, args.LongNames)
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index cfe23b6..06ca07e 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -44,7 +44,7 @@ type reverseFS struct {
// Encrypted FUSE overlay filesystem
func NewFS(args fusefrontend.Args) *reverseFS {
- cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.IVBitLen)
+ cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
nameTransform := nametransform.New(cryptoCore, args.LongNames)
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 15:40:13 +0000