contentenc: rename constant "IVBitLen" to "DefaultIVBits" and clarify comment

128-bit IVs are NOT used everywhere.
2016-09-25 18:04:44 +02:00 · 2016-09-25 18:04:44 +02:00 · abd61d968d
parent b883dd10a6
commit abd61d968d
5 changed files with 9 additions and 8 deletions
--- a/gocryptfs-xray/xray_main.go
+++ b/gocryptfs-xray/xray_main.go
@ -12,7 +12,7 @@ import (
 )

 const (
-	IVLen     = contentenc.IVBitLen / 8
+	IVLen     = contentenc.DefaultIVBits / 8
 	blockSize = contentenc.DefaultBS + IVLen + cryptocore.AuthTagLen
 )

--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@ -16,8 +16,9 @@ type NonceMode int
 const (
 	// Default plaintext block size
 	DefaultBS = 4096
-	// We always use 128-bit IVs for file content encryption
-	IVBitLen = 128
+	// We always use 128-bit IVs for file content, but the
+	// key in the config file is encrypted with a 96-bit IV.
+	DefaultIVBits = 128

 	_                                   = iota // skip zero
 	RandomNonce               NonceMode = iota
--- a/internal/contentenc/content_test.go
+++ b/internal/contentenc/content_test.go
@ -23,7 +23,7 @@ func TestSplitRange(t *testing.T) {
 		testRange{6654, 8945})

 	key := make([]byte, cryptocore.KeyLen)
-	cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen)
+	cc := cryptocore.New(key, cryptocore.BackendOpenSSL, DefaultIVBits)
 	f := New(cc, DefaultBS)

 	for _, r := range ranges {
@ -51,7 +51,7 @@ func TestCiphertextRange(t *testing.T) {
 		testRange{6654, 8945})

 	key := make([]byte, cryptocore.KeyLen)
-	cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen)
+	cc := cryptocore.New(key, cryptocore.BackendOpenSSL, DefaultIVBits)
 	f := New(cc, DefaultBS)

 	for _, r := range ranges {
@ -74,7 +74,7 @@ func TestCiphertextRange(t *testing.T) {

 func TestBlockNo(t *testing.T) {
 	key := make([]byte, cryptocore.KeyLen)
-	cc := cryptocore.New(key, cryptocore.BackendOpenSSL, IVBitLen)
+	cc := cryptocore.New(key, cryptocore.BackendOpenSSL, DefaultIVBits)
 	f := New(cc, DefaultBS)

 	b := f.CipherOffToBlockNo(788)
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@ -37,7 +37,7 @@ type FS struct {

 // Encrypted FUSE overlay filesystem
 func NewFS(args Args) *FS {
-	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.IVBitLen)
+	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
 	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
 	nameTransform := nametransform.New(cryptoCore, args.LongNames)

--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@ -44,7 +44,7 @@ type reverseFS struct {

 // Encrypted FUSE overlay filesystem
 func NewFS(args fusefrontend.Args) *reverseFS {
-	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.IVBitLen)
+	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
 	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
 	nameTransform := nametransform.New(cryptoCore, args.LongNames)