From 779a850e0fb967aac79124c7e18b14706d5f2652 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 25 Feb 2025 15:03:50 +0100
Subject: Add optional support for AEGIS encryption

AEGIS is a new family of authenticated encryption algorithms that offers
stronger security, higher usage limits, and better performance than AES-GCM.

This pull request adds support for a new `-aegis` command-line flag, allowing
AEGIS-128X2 to be used as an alternative to AES-GCM on CPUs with AES acceleration.

It also introduces the ability to use ciphers with different key sizes.

More information on AEGIS is available here:
- https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.html
- https://github.com/cfrg/draft-irtf-cfrg-aegis-aead

gocryptfs -speed speed on Apple M1:

AES-GCM-256-OpenSSL              3718.79 MB/s
AES-GCM-256-Go                   5083.43 MB/s   (selected in auto mode)
AES-SIV-512-Go                    625.20 MB/s
XChaCha20-Poly1305-OpenSSL       1358.63 MB/s   (selected in auto mode)
XChaCha20-Poly1305-Go             832.11 MB/s
Aegis128X2-Go                   11818.73 MB/s

gocryptfs -speed speed on AMD Zen 4:

AES-GCM-256-OpenSSL              5215.86 MB/s
AES-GCM-256-Go                   6918.01 MB/s   (selected in auto mode)
AES-SIV-512-Go                    449.61 MB/s
XChaCha20-Poly1305-OpenSSL       2643.48 MB/s
XChaCha20-Poly1305-Go            3727.46 MB/s   (selected in auto mode)
Aegis128X2-Go                   28109.92 MB/s
---
 masterkey.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'masterkey.go')

diff --git a/masterkey.go b/masterkey.go
index d488441..90f0adf 100644
--- a/masterkey.go
+++ b/masterkey.go
@@ -20,8 +20,8 @@ func unhexMasterKey(masterkey string, fromStdin bool) []byte {
 		tlog.Fatal.Printf("Could not parse master key: %v", err)
 		os.Exit(exitcodes.MasterKey)
 	}
-	if len(key) != cryptocore.KeyLen {
-		tlog.Fatal.Printf("Master key has length %d but we require length %d", len(key), cryptocore.KeyLen)
+	if len(key) != cryptocore.MaxKeyLen {
+		tlog.Fatal.Printf("Master key has length %d but we require length %d", len(key), cryptocore.MaxKeyLen)
 		os.Exit(exitcodes.MasterKey)
 	}
 	tlog.Info.Printf("Using explicit master key.")
@@ -56,7 +56,7 @@ func handleArgsMasterkey(args *argContainer) (masterkey []byte) {
 		tlog.Info.Printf(tlog.ColorYellow +
 			"ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
 			tlog.ColorReset)
-		return make([]byte, cryptocore.KeyLen)
+		return make([]byte, cryptocore.MaxKeyLen)
 	}
 	// No master key source specified on the command line. Caller must parse
 	// the config file.
-- 
cgit v1.2.3