From 7f87ed78f2f27831f2fa9409106846e3288c6f6e Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Tue, 20 Sep 2016 21:58:04 +0200
Subject: cryptocore: add support for GCM-SIV

---
 internal/configfile/config_file.go   | 4 ++--
 internal/configfile/feature_flags.go | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

(limited to 'internal/configfile')

diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index b36980f..178890b 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -139,7 +139,7 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 	// Unlock master key using password-based key
 	// We use stock go GCM instead of OpenSSL here as we only use 96-bit IVs,
 	// speed is not important and we get better error messages
-	cc := cryptocore.New(scryptHash, false, false)
+	cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96)
 	ce := contentenc.New(cc, 4096)
 
 	tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password
@@ -163,7 +163,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
 	scryptHash := cf.ScryptObject.DeriveKey(password)
 
 	// Lock master key using password-based key
-	cc := cryptocore.New(scryptHash, false, false)
+	cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96)
 	ce := contentenc.New(cc, 4096)
 	cf.EncryptedKey = ce.EncryptBlock(key, 0, nil)
 }
diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go
index bac8ce8..90b8c22 100644
--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@@ -8,6 +8,7 @@ const (
 	FlagEMENames
 	FlagGCMIV128
 	FlagLongNames
+	FlagGCMSIV
 )
 
 // knownFlags stores the known feature flags and their string representation
@@ -17,6 +18,7 @@ var knownFlags map[flagIota]string = map[flagIota]string{
 	FlagEMENames:       "EMENames",
 	FlagGCMIV128:       "GCMIV128",
 	FlagLongNames:      "LongNames",
+	FlagGCMSIV:         "GCMSIV",
 }
 
 // Filesystems that do not have these feature flags set are deprecated.
@@ -27,7 +29,7 @@ var requiredFlagsNormal []flagIota = []flagIota{
 }
 
 // Filesystems without filename encryption obviously don't have or need the
-// related feature flags.
+// filename related feature flags.
 var requiredFlagsPlaintextNames []flagIota = []flagIota{
 	FlagGCMIV128,
 }
-- 
cgit v1.2.3