From 779a850e0fb967aac79124c7e18b14706d5f2652 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 25 Feb 2025 15:03:50 +0100
Subject: Add optional support for AEGIS encryption

AEGIS is a new family of authenticated encryption algorithms that offers
stronger security, higher usage limits, and better performance than AES-GCM.

This pull request adds support for a new `-aegis` command-line flag, allowing
AEGIS-128X2 to be used as an alternative to AES-GCM on CPUs with AES acceleration.

It also introduces the ability to use ciphers with different key sizes.

More information on AEGIS is available here:
- https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.html
- https://github.com/cfrg/draft-irtf-cfrg-aegis-aead

gocryptfs -speed speed on Apple M1:

AES-GCM-256-OpenSSL              3718.79 MB/s
AES-GCM-256-Go                   5083.43 MB/s   (selected in auto mode)
AES-SIV-512-Go                    625.20 MB/s
XChaCha20-Poly1305-OpenSSL       1358.63 MB/s   (selected in auto mode)
XChaCha20-Poly1305-Go             832.11 MB/s
Aegis128X2-Go                   11818.73 MB/s

gocryptfs -speed speed on AMD Zen 4:

AES-GCM-256-OpenSSL              5215.86 MB/s
AES-GCM-256-Go                   6918.01 MB/s   (selected in auto mode)
AES-SIV-512-Go                    449.61 MB/s
XChaCha20-Poly1305-OpenSSL       2643.48 MB/s
XChaCha20-Poly1305-Go            3727.46 MB/s   (selected in auto mode)
Aegis128X2-Go                   28109.92 MB/s
---
 internal/configfile/scrypt.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'internal/configfile/scrypt.go')

diff --git a/internal/configfile/scrypt.go b/internal/configfile/scrypt.go
index 0ce8777..b82a431 100644
--- a/internal/configfile/scrypt.go
+++ b/internal/configfile/scrypt.go
@@ -49,7 +49,7 @@ type ScryptKDF struct {
 // NewScryptKDF returns a new instance of ScryptKDF.
 func NewScryptKDF(logN int) ScryptKDF {
 	var s ScryptKDF
-	s.Salt = cryptocore.RandBytes(cryptocore.KeyLen)
+	s.Salt = cryptocore.RandBytes(cryptocore.MaxKeyLen)
 	if logN <= 0 {
 		s.N = 1 << ScryptDefaultLogN
 	} else {
@@ -57,7 +57,7 @@ func NewScryptKDF(logN int) ScryptKDF {
 	}
 	s.R = 8 // Always 8
 	s.P = 1 // Always 1
-	s.KeyLen = cryptocore.KeyLen
+	s.KeyLen = cryptocore.MaxKeyLen
 	return s
 }
 
@@ -98,8 +98,8 @@ func (s *ScryptKDF) validateParams() error {
 	if len(s.Salt) < scryptMinSaltLen {
 		return fmt.Errorf("Fatal: scrypt salt length below minimum: value=%d, min=%d", len(s.Salt), scryptMinSaltLen)
 	}
-	if s.KeyLen < cryptocore.KeyLen {
-		return fmt.Errorf("Fatal: scrypt parameter KeyLen below minimum: value=%d, min=%d", s.KeyLen, cryptocore.KeyLen)
+	if s.KeyLen < cryptocore.MinKeyLen {
+		return fmt.Errorf("Fatal: scrypt parameter KeyLen below minimum: value=%d, min=%d", s.KeyLen, cryptocore.MinKeyLen)
 	}
 	return nil
 }
-- 
cgit v1.2.3