summaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
Diffstat (limited to 'internal')
-rw-r--r--internal/configfile/config_file.go14
-rw-r--r--internal/contentenc/content.go3
-rw-r--r--internal/cryptocore/cryptocore.go4
3 files changed, 14 insertions, 7 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 1233d8a..d28b1d4 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -154,9 +154,15 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
scryptHash := cf.ScryptObject.DeriveKey(password)
// Unlock master key using password-based key
- // We use stock go GCM instead of OpenSSL here as we only use 96-bit IVs,
- // speed is not important and we get better error messages
- cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96)
+ // gocryptfs v1.2 and older used 96-bit IVs for master key encryption.
+ // v1.3 and up use 128 bits, which makes EncryptedKey longer (64 bytes).
+ IVLen := contentenc.DefaultIVBits
+ if len(cf.EncryptedKey) == 60 {
+ IVLen = 96
+ }
+ // We use stock Go GCM instead of OpenSSL as speed is not
+ // important and we get better error messages
+ cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, IVLen)
ce := contentenc.New(cc, 4096)
tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password
@@ -180,7 +186,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
scryptHash := cf.ScryptObject.DeriveKey(password)
// Lock master key using password-based key
- cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96)
+ cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, contentenc.DefaultIVBits)
ce := contentenc.New(cc, 4096)
cf.EncryptedKey = ce.EncryptBlock(key, 0, nil)
}
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 322163a..a2a263c 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -20,7 +20,8 @@ const (
DefaultBS = 4096
// DefaultIVBits is the default length of IV, in bits.
// We always use 128-bit IVs for file content, but the
- // key in the config file is encrypted with a 96-bit IV.
+ // master key in the config file is encrypted with a 96-bit IV for
+ // gocryptfs v1.2 and earlier. v1.3 switched to 128 bit.
DefaultIVBits = 128
_ = iota // skip zero
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 735c409..7e1d238 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -49,8 +49,8 @@ type CryptoCore struct {
// New returns a new CryptoCore object or panics.
//
// Even though the "GCMIV128" feature flag is now mandatory, we must still
-// support 96-bit IVs here because they are used for encrypting the master
-// key in gocryptfs.conf.
+// support 96-bit IVs here because they were used for encrypting the master
+// key in gocryptfs.conf up to gocryptfs v1.2. v1.3 switched to 128 bits.
func New(key []byte, aeadType AEADTypeEnum, IVBitLen int) *CryptoCore {
if len(key) != KeyLen {
log.Panic(fmt.Sprintf("Unsupported key length %d", len(key)))