From 94e8004b6ce497dafd13e8c3f6f6596b49169970 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Wed, 8 Sep 2021 20:32:16 +0200
Subject: Make -openssl also apply to xchacha

Now that stupidgcm supports xchacha, make it available
on mount.
---
 internal/cryptocore/cryptocore.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'internal')

diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index d7b7527..dd7c98b 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -32,11 +32,11 @@ type AEADTypeEnum struct {
 	NonceSize int
 }
 
-// BackendOpenSSL specifies the OpenSSL backend.
+// BackendOpenSSL specifies the OpenSSL AES-256-GCM backend.
 // "AES-GCM-256-OpenSSL" in gocryptfs -speed.
 var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256-OpenSSL", 16}
 
-// BackendGoGCM specifies the Go based GCM backend.
+// BackendGoGCM specifies the Go based AES-256-GCM backend.
 // "AES-GCM-256-Go" in gocryptfs -speed.
 var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256-Go", 16}
 
@@ -130,6 +130,8 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
 			if err != nil {
 				log.Panic(err)
 			}
+		default:
+			log.Panicf("BUG: unhandled case: %v", aeadType)
 		}
 		for i := range gcmKey {
 			gcmKey[i] = 0
@@ -154,7 +156,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
 		for i := range key64 {
 			key64[i] = 0
 		}
-	} else if aeadType == BackendXChaCha20Poly1305 {
+	} else if aeadType == BackendXChaCha20Poly1305 || aeadType == BackendXChaCha20Poly1305OpenSSL {
 		// We don't support legacy modes with XChaCha20-Poly1305
 		if IVBitLen != chacha20poly1305.NonceSizeX*8 {
 			log.Panicf("XChaCha20-Poly1305 must use 192-bit IVs, you wanted %d", IVBitLen)
@@ -163,7 +165,13 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
 			log.Panic("XChaCha20-Poly1305 must use HKDF, but it is disabled")
 		}
 		derivedKey := hkdfDerive(key, hkdfInfoXChaChaPoly1305Content, chacha20poly1305.KeySize)
-		aeadCipher, err = chacha20poly1305.NewX(derivedKey)
+		if aeadType == BackendXChaCha20Poly1305 {
+			aeadCipher, err = chacha20poly1305.NewX(derivedKey)
+		} else if aeadType == BackendXChaCha20Poly1305OpenSSL {
+			aeadCipher = stupidgcm.NewXchacha20poly1305(derivedKey)
+		} else {
+			log.Panicf("BUG: unhandled case: %v", aeadType)
+		}
 		if err != nil {
 			log.Panic(err)
 		}
-- 
cgit v1.2.3