From e9bb8b800c6c724125ccd862f4d20946317b31f5 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Mon, 26 Sep 2016 23:25:13 +0200
Subject: reverse: switch from GCM-SIV to AES-SIV

GCM-SIV is not yet finalized, and the reference implemenation is painfully slow at about 2 MB/s. Switch to AES-SIV.
---
 internal/contentenc/content.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'internal/contentenc/content.go')

diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 7561859..86be7d5 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -105,8 +105,8 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []b
 	// Extract nonce
 	nonce := ciphertext[:be.cryptoCore.IVLen]
-	if bytes.Equal(nonce, be.allZeroNonce) && be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
-		panic("Hit an all-zero nonce with GCMSIV off. This MUST NOT happen!")
+	if bytes.Equal(nonce, be.allZeroNonce) {
+		panic("Hit an all-zero nonce. This MUST NOT happen!")
 	}
 	ciphertextOrig := ciphertext
 	ciphertext = ciphertext[be.cryptoCore.IVLen:]
@@ -150,13 +150,13 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by
 	var nonce []byte
 	switch nMode {
 	case ExternalNonce:
-		if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
-			panic("MUST NOT use deterministic nonces unless in GCMSIV mode!")
+		if be.cryptoCore.AEADBackend != cryptocore.BackendAESSIV {
+			panic("MUST NOT use deterministic nonces unless in AESSIV mode!")
 		}
 		nonce = externalNonce
 	case ReverseDeterministicNonce:
-		if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
-			panic("MUST NOT use deterministic nonces unless in GCMSIV mode!")
+		if be.cryptoCore.AEADBackend != cryptocore.BackendAESSIV {
+			panic("MUST NOT use deterministic nonces unless in AESSIV mode!")
 		}
 		l := be.cryptoCore.IVLen
 		nonce = make([]byte, l)
-- 
cgit v1.2.3
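Review bot: The now-unconditional panic in DecryptBlock turns an all-zero nonce found in stored ciphertext into a process crash instead of a decryption failure; the nonce is read straight from `ciphertext[:be.cryptoCore.IVLen]`, so anyone who can write to the ciphertext directory can zero those bytes and take the whole mount down. The old check only covered the random-nonce backend, where all-zero is a broken-RNG signal; with AES-SIV the nonce is deterministic (the second hunk builds it from `make([]byte, l)` and continues past what is shown), so whether all-zero can occur legitimately depends on code not visible here. A tampered or malformed block should be rejected the same way an authentication failure is: if DecryptBlock returns an error (its signature is cut off here), replace the panic with `return nil, errors.New("all-zero nonce in block")` or whatever error form the function already uses. DecryptBlock's body starts and ends outside the hunk.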
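Review bot: The guard that `case ExternalNonce` and `case ReverseDeterministicNonce` now repeat verbatim states the rule but not the reason, and its message says "deterministic nonces" even on the external-nonce path; a comment above the switch would keep the next backend change from weakening it, e.g. `// Non-random nonces are only safe with a nonce-misuse-resistant AEAD: a repeated nonce under AES-GCM leaks the XOR of the two plaintexts and the GHASH key, whereas AES-SIV only reveals that two blocks were equal.` Hoisting the check above the switch, guarded by whichever nMode value is the random one (the rest of the switch is outside the hunk), would also remove the duplication. The `ExternalNonce` branch additionally takes `externalNonce` as-is; unless callers are checked elsewhere, `if len(externalNonce) != be.cryptoCore.IVLen { panic("external nonce has wrong length") }` would keep the on-disk layout consistent with the `ciphertext[:be.cryptoCore.IVLen]` slice DecryptBlock relies on. EncryptBlock's body continues outside the hunk.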