cryptocore: drop IVLen helper var

The IVLen var seems be a net loss in clarity. Drop it.

Also add comments and normalize error messages.
This commit is contained in:
Jakob Unterwurzacher 2021-08-21 10:55:20 +02:00
parent f6be765ef6
commit 2da0e13b1d

View File

@ -59,6 +59,7 @@ type CryptoCore struct {
AEADBackend AEADTypeEnum AEADBackend AEADTypeEnum
// GCM needs unique IVs (nonces) // GCM needs unique IVs (nonces)
IVGenerator *nonceGenerator IVGenerator *nonceGenerator
// IVLen in bytes
IVLen int IVLen int
} }
@ -75,10 +76,11 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
len(key), aeadType, IVBitLen, useHKDF, forceDecode) len(key), aeadType, IVBitLen, useHKDF, forceDecode)
if len(key) != KeyLen { if len(key) != KeyLen {
log.Panic(fmt.Sprintf("Unsupported key length %d", len(key))) log.Panicf("Unsupported key length of %d bytes", len(key))
}
if IVBitLen != 96 && IVBitLen != 128 {
log.Panicf("Unsupported IV length of %d bits", IVBitLen)
} }
// We want the IV size in bytes
IVLen := IVBitLen / 8
// Initialize EME for filename encryption. // Initialize EME for filename encryption.
var emeCipher *eme.EMECipher var emeCipher *eme.EMECipher
@ -107,12 +109,14 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
if useHKDF { if useHKDF {
gcmKey = hkdfDerive(key, hkdfInfoGCMContent, KeyLen) gcmKey = hkdfDerive(key, hkdfInfoGCMContent, KeyLen)
} else { } else {
// Filesystems created by gocryptfs v0.7 through v1.2 don't use HKDF.
// Example: tests/example_filesystems/v0.9
gcmKey = append([]byte{}, key...) gcmKey = append([]byte{}, key...)
} }
switch aeadType { switch aeadType {
case BackendOpenSSL: case BackendOpenSSL:
if IVLen != 16 { if IVBitLen != 128 {
log.Panic("stupidgcm only supports 128-bit IVs") log.Panicf("stupidgcm only supports 128-bit IVs, you wanted %d", IVBitLen)
} }
aeadCipher = stupidgcm.New(gcmKey, forceDecode) aeadCipher = stupidgcm.New(gcmKey, forceDecode)
case BackendGoGCM: case BackendGoGCM:
@ -120,7 +124,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
if err != nil { if err != nil {
log.Panic(err) log.Panic(err)
} }
aeadCipher, err = cipher.NewGCMWithNonceSize(goGcmBlockCipher, IVLen) aeadCipher, err = cipher.NewGCMWithNonceSize(goGcmBlockCipher, IVBitLen/8)
if err != nil { if err != nil {
log.Panic(err) log.Panic(err)
} }
@ -129,9 +133,9 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
gcmKey[i] = 0 gcmKey[i] = 0
} }
} else if aeadType == BackendAESSIV { } else if aeadType == BackendAESSIV {
if IVLen != 16 { if IVBitLen != 128 {
// SIV supports any nonce size, but we only use 16. // SIV supports any nonce size, but we only use 128.
log.Panic("AES-SIV must use 16-byte nonces") log.Panicf("AES-SIV must use 128-bit IVs, you wanted %d", IVBitLen)
} }
// AES-SIV uses 1/2 of the key for authentication, 1/2 for // AES-SIV uses 1/2 of the key for authentication, 1/2 for
// encryption, so we need a 64-bytes key for AES-256. Derive it from // encryption, so we need a 64-bytes key for AES-256. Derive it from
@ -156,8 +160,8 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
EMECipher: emeCipher, EMECipher: emeCipher,
AEADCipher: aeadCipher, AEADCipher: aeadCipher,
AEADBackend: aeadType, AEADBackend: aeadType,
IVGenerator: &nonceGenerator{nonceLen: IVLen}, IVGenerator: &nonceGenerator{nonceLen: IVBitLen / 8},
IVLen: IVLen, IVLen: IVBitLen / 8,
} }
} }