|
|
|
@ -32,11 +32,11 @@ type AEADTypeEnum struct {
|
|
|
|
|
NonceSize int
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// BackendOpenSSL specifies the OpenSSL backend.
|
|
|
|
|
// BackendOpenSSL specifies the OpenSSL AES-256-GCM backend.
|
|
|
|
|
// "AES-GCM-256-OpenSSL" in gocryptfs -speed.
|
|
|
|
|
var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256-OpenSSL", 16}
|
|
|
|
|
|
|
|
|
|
// BackendGoGCM specifies the Go based GCM backend.
|
|
|
|
|
// BackendGoGCM specifies the Go based AES-256-GCM backend.
|
|
|
|
|
// "AES-GCM-256-Go" in gocryptfs -speed.
|
|
|
|
|
var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256-Go", 16}
|
|
|
|
|
|
|
|
|
@ -130,6 +130,8 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Panic(err)
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
log.Panicf("BUG: unhandled case: %v", aeadType)
|
|
|
|
|
}
|
|
|
|
|
for i := range gcmKey {
|
|
|
|
|
gcmKey[i] = 0
|
|
|
|
@ -154,7 +156,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
|
|
|
|
|
for i := range key64 {
|
|
|
|
|
key64[i] = 0
|
|
|
|
|
}
|
|
|
|
|
} else if aeadType == BackendXChaCha20Poly1305 {
|
|
|
|
|
} else if aeadType == BackendXChaCha20Poly1305 || aeadType == BackendXChaCha20Poly1305OpenSSL {
|
|
|
|
|
// We don't support legacy modes with XChaCha20-Poly1305
|
|
|
|
|
if IVBitLen != chacha20poly1305.NonceSizeX*8 {
|
|
|
|
|
log.Panicf("XChaCha20-Poly1305 must use 192-bit IVs, you wanted %d", IVBitLen)
|
|
|
|
@ -163,7 +165,13 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
|
|
|
|
|
log.Panic("XChaCha20-Poly1305 must use HKDF, but it is disabled")
|
|
|
|
|
}
|
|
|
|
|
derivedKey := hkdfDerive(key, hkdfInfoXChaChaPoly1305Content, chacha20poly1305.KeySize)
|
|
|
|
|
aeadCipher, err = chacha20poly1305.NewX(derivedKey)
|
|
|
|
|
if aeadType == BackendXChaCha20Poly1305 {
|
|
|
|
|
aeadCipher, err = chacha20poly1305.NewX(derivedKey)
|
|
|
|
|
} else if aeadType == BackendXChaCha20Poly1305OpenSSL {
|
|
|
|
|
aeadCipher = stupidgcm.NewXchacha20poly1305(derivedKey)
|
|
|
|
|
} else {
|
|
|
|
|
log.Panicf("BUG: unhandled case: %v", aeadType)
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Panic(err)
|
|
|
|
|
}
|
|
|
|
|