summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cli_args.go6
-rw-r--r--internal/cryptocore/cryptocore.go16
-rw-r--r--mount.go17
3 files changed, 31 insertions, 8 deletions
diff --git a/cli_args.go b/cli_args.go
index 7175006..d666b47 100644
--- a/cli_args.go
+++ b/cli_args.go
@@ -253,7 +253,11 @@ func parseCliOpts(osArgs []string) (args argContainer) {
}
// "-openssl" needs some post-processing
if opensslAuto == "auto" {
- args.openssl = stupidgcm.PreferOpenSSLAES256GCM()
+ if args.xchacha {
+ args.openssl = stupidgcm.PreferOpenSSLXchacha20poly1305()
+ } else {
+ args.openssl = stupidgcm.PreferOpenSSLAES256GCM()
+ }
} else {
args.openssl, err = strconv.ParseBool(opensslAuto)
if err != nil {
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index d7b7527..dd7c98b 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -32,11 +32,11 @@ type AEADTypeEnum struct {
NonceSize int
}
-// BackendOpenSSL specifies the OpenSSL backend.
+// BackendOpenSSL specifies the OpenSSL AES-256-GCM backend.
// "AES-GCM-256-OpenSSL" in gocryptfs -speed.
var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256-OpenSSL", 16}
-// BackendGoGCM specifies the Go based GCM backend.
+// BackendGoGCM specifies the Go based AES-256-GCM backend.
// "AES-GCM-256-Go" in gocryptfs -speed.
var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256-Go", 16}
@@ -130,6 +130,8 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
if err != nil {
log.Panic(err)
}
+ default:
+ log.Panicf("BUG: unhandled case: %v", aeadType)
}
for i := range gcmKey {
gcmKey[i] = 0
@@ -154,7 +156,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
for i := range key64 {
key64[i] = 0
}
- } else if aeadType == BackendXChaCha20Poly1305 {
+ } else if aeadType == BackendXChaCha20Poly1305 || aeadType == BackendXChaCha20Poly1305OpenSSL {
// We don't support legacy modes with XChaCha20-Poly1305
if IVBitLen != chacha20poly1305.NonceSizeX*8 {
log.Panicf("XChaCha20-Poly1305 must use 192-bit IVs, you wanted %d", IVBitLen)
@@ -163,7 +165,13 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
log.Panic("XChaCha20-Poly1305 must use HKDF, but it is disabled")
}
derivedKey := hkdfDerive(key, hkdfInfoXChaChaPoly1305Content, chacha20poly1305.KeySize)
- aeadCipher, err = chacha20poly1305.NewX(derivedKey)
+ if aeadType == BackendXChaCha20Poly1305 {
+ aeadCipher, err = chacha20poly1305.NewX(derivedKey)
+ } else if aeadType == BackendXChaCha20Poly1305OpenSSL {
+ aeadCipher = stupidgcm.NewXchacha20poly1305(derivedKey)
+ } else {
+ log.Panicf("BUG: unhandled case: %v", aeadType)
+ }
if err != nil {
log.Panic(err)
}
diff --git a/mount.go b/mount.go
index d7cd7db..b1c76dd 100644
--- a/mount.go
+++ b/mount.go
@@ -259,7 +259,11 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
cryptoBackend = cryptocore.BackendAESSIV
}
if args.xchacha {
- cryptoBackend = cryptocore.BackendXChaCha20Poly1305
+ if args.openssl {
+ cryptoBackend = cryptocore.BackendXChaCha20Poly1305OpenSSL
+ } else {
+ cryptoBackend = cryptocore.BackendXChaCha20Poly1305
+ }
IVBits = chacha20poly1305.NonceSizeX * 8
}
// forceOwner implies allow_other, as documented.
@@ -291,6 +295,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
frontendArgs.DeterministicNames = !confFile.IsFeatureFlagSet(configfile.FlagDirIV)
args.raw64 = confFile.IsFeatureFlagSet(configfile.FlagRaw64)
args.hkdf = confFile.IsFeatureFlagSet(configfile.FlagHKDF)
+ // Note: this will always return the non-openssl variant
cryptoBackend, err = confFile.ContentEncryption()
if err != nil {
tlog.Fatal.Printf("%v", err)
@@ -301,8 +306,14 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
tlog.Fatal.Printf("AES-SIV is required by reverse mode, but not enabled in the config file")
os.Exit(exitcodes.Usage)
}
- if cryptoBackend == cryptocore.BackendGoGCM && args.openssl {
- cryptoBackend = cryptocore.BackendOpenSSL
+ // Upgrade to OpenSSL variant if requested
+ if args.openssl {
+ switch cryptoBackend {
+ case cryptocore.BackendGoGCM:
+ cryptoBackend = cryptocore.BackendOpenSSL
+ case cryptocore.BackendXChaCha20Poly1305:
+ cryptoBackend = cryptocore.BackendXChaCha20Poly1305OpenSSL
+ }
}
}
// If allow_other is set and we run as root, try to give newly created files to