diff options
Diffstat (limited to 'internal/cryptocore')
| -rw-r--r-- | internal/cryptocore/cryptocore.go | 17 | ||||
| -rw-r--r-- | internal/cryptocore/nonce.go | 4 |
2 files changed, 14 insertions, 7 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 05c0704..7cb5c95 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -12,18 +12,25 @@ import ( "github.com/rfjakob/gocryptfs/internal/stupidgcm" ) +// BackendTypeEnum indicates the type of backend in use. type BackendTypeEnum int const ( - KeyLen = 32 // AES-256 + // KeyLen is the cipher key length in bytes. 32 for AES-256. + KeyLen = 32 + // AuthTagLen is the length of a GCM auth tag in bytes. AuthTagLen = 16 - _ = iota // Skip zero + _ = iota // Skip zero + // BackendOpenSSL specifies the OpenSSL backend. BackendOpenSSL BackendTypeEnum = iota - BackendGoGCM BackendTypeEnum = iota - BackendAESSIV BackendTypeEnum = iota + // BackendGoGCM specifies the Go based GCM backend. + BackendGoGCM BackendTypeEnum = iota + // BackendAESSIV specifies an AESSIV backend. + BackendAESSIV BackendTypeEnum = iota ) +// CryptoCore is the low level crypto implementation. type CryptoCore struct { // AES-256 block cipher. This is used for EME filename encryption. BlockCipher cipher.Block @@ -36,7 +43,7 @@ type CryptoCore struct { IVLen int } -// "New" returns a new CryptoCore object or panics. +// New returns a new CryptoCore object or panics. // // Even though the "GCMIV128" feature flag is now mandatory, we must still // support 96-bit IVs here because they are used for encrypting the master diff --git a/internal/cryptocore/nonce.go b/internal/cryptocore/nonce.go index 6b0c31d..973d2d8 100644 --- a/internal/cryptocore/nonce.go +++ b/internal/cryptocore/nonce.go @@ -10,7 +10,7 @@ import ( "github.com/rfjakob/gocryptfs/internal/tlog" ) -// Get "n" random bytes from /dev/urandom or panic +// RandBytes gets "n" random bytes from /dev/urandom or panics func RandBytes(n int) []byte { b := make([]byte, n) _, err := rand.Read(b) @@ -20,7 +20,7 @@ func RandBytes(n int) []byte { return b } -// Return a secure random uint64 +// RandUint64 returns a secure random uint64 func RandUint64() uint64 { b := RandBytes(8) return binary.BigEndian.Uint64(b) |