From 7395b8e9905aa0f09be0646eb89a2e20afb38c0c Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 31 Jul 2016 13:36:38 +0200
Subject: cryptocore: comment why 96-bit IVs are still supported

---
 internal/cryptocore/cryptocore.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'internal')

diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index a9731be..1839aa2 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -23,6 +23,10 @@ type CryptoCore struct {
 }
 
 // "New" returns a new CryptoCore object or panics.
+//
+// Even though the "GCMIV128" feature flag is now mandatory, we must still
+// support 96-bit IVs here because they are used for encrypting the master
+// key in gocryptfs.conf.
 func New(key []byte, useOpenssl bool, GCMIV128 bool) *CryptoCore {
 
 	if len(key) != KeyLen {
@@ -35,8 +39,8 @@ func New(key []byte, useOpenssl bool, GCMIV128 bool) *CryptoCore {
 		IVLen = 128 / 8
 	}
 
-	// We always use built-in Go crypto for blockCipher because it is not
-	// performance-critical.
+	// Name encryption always uses built-in Go AES through BlockCipher.
+	// Content encryption uses BlockCipher only if useOpenssl=false.
 	blockCipher, err := aes.NewCipher(key)
 	if err != nil {
 		panic(err)
-- 
cgit v1.2.3