diff options
Diffstat (limited to 'internal/configfile')
| -rw-r--r-- | internal/configfile/config_file.go | 6 | ||||
| -rw-r--r-- | internal/configfile/feature_flags.go | 6 | ||||
| -rw-r--r-- | internal/configfile/scrypt.go | 8 | ||||
| -rw-r--r-- | internal/configfile/validate.go | 7 |
4 files changed, 15 insertions, 12 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go index 5e10228..60b8a15 100644 --- a/internal/configfile/config_file.go +++ b/internal/configfile/config_file.go @@ -94,7 +94,7 @@ func Create(args *CreateArgs) error { if args.XChaCha20Poly1305 { cf.setFeatureFlag(FlagXChaCha20Poly1305) } else if args.Aegis { - cf.setFeatureFlag(FlagAegis) + cf.setFeatureFlag(FlagAegis256X2) } else { // 128-bit IVs are mandatory for AES-GCM (default is 96!) and AES-SIV, // XChaCha20Poly1305 uses even an even longer IV of 192 bits. @@ -136,7 +136,7 @@ func Create(args *CreateArgs) error { key := args.Masterkey if key == nil { // Generate new random master key - key = cryptocore.RandBytes(cryptocore.MaxKeyLen) + key = cryptocore.RandBytes(cryptocore.KeyLen) } tlog.PrintMasterkeyReminder(key) // Encrypt it using the password @@ -330,7 +330,7 @@ func (cf *ConfFile) ContentEncryption() (algo cryptocore.AEADTypeEnum, err error if cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) { return cryptocore.BackendXChaCha20Poly1305, nil } - if cf.IsFeatureFlagSet(FlagAegis) { + if cf.IsFeatureFlagSet(FlagAegis256X2) { return cryptocore.BackendAegis, nil } if cf.IsFeatureFlagSet(FlagAESSIV) { diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go index 2722831..b4cc611 100644 --- a/internal/configfile/feature_flags.go +++ b/internal/configfile/feature_flags.go @@ -34,8 +34,8 @@ const ( FlagFIDO2 // FlagXChaCha20Poly1305 means we use XChaCha20-Poly1305 file content encryption FlagXChaCha20Poly1305 - // FlagAegis means we use Aegis file content encryption - FlagAegis + // FlagAegis256X2 means we use Aegis256X2 file content encryption + FlagAegis256X2 ) // knownFlags stores the known feature flags and their string representation @@ -51,7 +51,7 @@ var knownFlags = map[flagIota]string{ FlagHKDF: "HKDF", FlagFIDO2: "FIDO2", FlagXChaCha20Poly1305: "XChaCha20Poly1305", - FlagAegis: "AEGIS", + FlagAegis256X2: "AEGIS256X2", } // isFeatureFlagKnown verifies that we understand a feature flag. diff --git a/internal/configfile/scrypt.go b/internal/configfile/scrypt.go index b82a431..0ce8777 100644 --- a/internal/configfile/scrypt.go +++ b/internal/configfile/scrypt.go @@ -49,7 +49,7 @@ type ScryptKDF struct { // NewScryptKDF returns a new instance of ScryptKDF. func NewScryptKDF(logN int) ScryptKDF { var s ScryptKDF - s.Salt = cryptocore.RandBytes(cryptocore.MaxKeyLen) + s.Salt = cryptocore.RandBytes(cryptocore.KeyLen) if logN <= 0 { s.N = 1 << ScryptDefaultLogN } else { @@ -57,7 +57,7 @@ func NewScryptKDF(logN int) ScryptKDF { } s.R = 8 // Always 8 s.P = 1 // Always 1 - s.KeyLen = cryptocore.MaxKeyLen + s.KeyLen = cryptocore.KeyLen return s } @@ -98,8 +98,8 @@ func (s *ScryptKDF) validateParams() error { if len(s.Salt) < scryptMinSaltLen { return fmt.Errorf("Fatal: scrypt salt length below minimum: value=%d, min=%d", len(s.Salt), scryptMinSaltLen) } - if s.KeyLen < cryptocore.MinKeyLen { - return fmt.Errorf("Fatal: scrypt parameter KeyLen below minimum: value=%d, min=%d", s.KeyLen, cryptocore.MinKeyLen) + if s.KeyLen < cryptocore.KeyLen { + return fmt.Errorf("Fatal: scrypt parameter KeyLen below minimum: value=%d, min=%d", s.KeyLen, cryptocore.KeyLen) } return nil } diff --git a/internal/configfile/validate.go b/internal/configfile/validate.go index 333eea6..ad3728f 100644 --- a/internal/configfile/validate.go +++ b/internal/configfile/validate.go @@ -38,13 +38,16 @@ func (cf *ConfFile) Validate() error { return fmt.Errorf("XChaCha20Poly1305 requires HKDF feature flag") } } - if cf.IsFeatureFlagSet(FlagAegis) { + if cf.IsFeatureFlagSet(FlagAegis256X2) { if cf.IsFeatureFlagSet(FlagGCMIV128) { return fmt.Errorf("AEGIS conflicts with GCMIV128 feature flag") } + if cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) { + return fmt.Errorf("AEGIS conflicts with XChaCha20Poly1305 feature flag") + } } // The absence of other flags means AES-GCM (oldest algorithm) - if !cf.IsFeatureFlagSet(FlagAegis) && !cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && !cf.IsFeatureFlagSet(FlagAESSIV) { + if !cf.IsFeatureFlagSet(FlagAegis256X2) && !cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && !cf.IsFeatureFlagSet(FlagAESSIV) { if !cf.IsFeatureFlagSet(FlagGCMIV128) { return fmt.Errorf("AES-GCM requires GCMIV128 feature flag") } |