diff options
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/configfile/config_file.go | 14 | ||||
| -rw-r--r-- | internal/contentenc/content.go | 3 | ||||
| -rw-r--r-- | internal/cryptocore/cryptocore.go | 4 |
3 files changed, 14 insertions, 7 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go index 1233d8a..d28b1d4 100644 --- a/internal/configfile/config_file.go +++ b/internal/configfile/config_file.go @@ -154,9 +154,15 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) { scryptHash := cf.ScryptObject.DeriveKey(password) // Unlock master key using password-based key - // We use stock go GCM instead of OpenSSL here as we only use 96-bit IVs, - // speed is not important and we get better error messages - cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96) + // gocryptfs v1.2 and older used 96-bit IVs for master key encryption. + // v1.3 and up use 128 bits, which makes EncryptedKey longer (64 bytes). + IVLen := contentenc.DefaultIVBits + if len(cf.EncryptedKey) == 60 { + IVLen = 96 + } + // We use stock Go GCM instead of OpenSSL as speed is not + // important and we get better error messages + cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, IVLen) ce := contentenc.New(cc, 4096) tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password @@ -180,7 +186,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) { scryptHash := cf.ScryptObject.DeriveKey(password) // Lock master key using password-based key - cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96) + cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, contentenc.DefaultIVBits) ce := contentenc.New(cc, 4096) cf.EncryptedKey = ce.EncryptBlock(key, 0, nil) } diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 322163a..a2a263c 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -20,7 +20,8 @@ const ( DefaultBS = 4096 // DefaultIVBits is the default length of IV, in bits. // We always use 128-bit IVs for file content, but the - // key in the config file is encrypted with a 96-bit IV. + // master key in the config file is encrypted with a 96-bit IV for + // gocryptfs v1.2 and earlier. v1.3 switched to 128 bit. DefaultIVBits = 128 _ = iota // skip zero diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 735c409..7e1d238 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -49,8 +49,8 @@ type CryptoCore struct { // New returns a new CryptoCore object or panics. // // Even though the "GCMIV128" feature flag is now mandatory, we must still -// support 96-bit IVs here because they are used for encrypting the master -// key in gocryptfs.conf. +// support 96-bit IVs here because they were used for encrypting the master +// key in gocryptfs.conf up to gocryptfs v1.2. v1.3 switched to 128 bits. func New(key []byte, aeadType AEADTypeEnum, IVBitLen int) *CryptoCore { if len(key) != KeyLen { log.Panic(fmt.Sprintf("Unsupported key length %d", len(key))) |