configfile: switch to 128-bit IVs for master key encryption

There is no security reason for doing this, but it will allow us
to consolidate the code once we drop compatibility with gocryptfs v1.2
(and earlier) filesystems.
Jakob Unterwurzacher 2017-03-05 18:03:03 +01:00
parent a8d154765a
commit b732881518
3 changed files with 14 additions and 7 deletions


@ -154,9 +154,15 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
scryptHash := cf.ScryptObject.DeriveKey(password) scryptHash := cf.ScryptObject.DeriveKey(password)
// Unlock master key using password-based key // Unlock master key using password-based key
// We use stock go GCM instead of OpenSSL here as we only use 96-bit IVs, // gocryptfs v1.2 and older used 96-bit IVs for master key encryption.
// speed is not important and we get better error messages // v1.3 and up use 128 bits, which makes EncryptedKey longer (64 bytes).
cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96) IVLen := contentenc.DefaultIVBits
if len(cf.EncryptedKey) == 60 {
IVLen = 96
}
// We use stock Go GCM instead of OpenSSL as speed is not
// important and we get better error messages
cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, IVLen)
ce := contentenc.New(cc, 4096) ce := contentenc.New(cc, 4096)
tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password
@ -180,7 +186,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
scryptHash := cf.ScryptObject.DeriveKey(password) scryptHash := cf.ScryptObject.DeriveKey(password)
// Lock master key using password-based key // Lock master key using password-based key
cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, 96) cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, contentenc.DefaultIVBits)
ce := contentenc.New(cc, 4096) ce := contentenc.New(cc, 4096)
cf.EncryptedKey = ce.EncryptBlock(key, 0, nil) cf.EncryptedKey = ce.EncryptBlock(key, 0, nil)
} }
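Review bot: The `len(cf.EncryptedKey) == 60` test in LoadConfFile picks the IV size from an unexplained magic number, and every other length, valid or not, falls through to the 128-bit path. A comment such as `// 60 = 12-byte IV + 32-byte key + 16-byte GCM tag (v1.2 and older); v1.3+ is 64` would make the arithmetic checkable (the 32/16 split is inferred from the 64-byte figure in the new comment). A truncated or padded EncryptedKey presumably only fails later in decryption, where warnings are silenced, so a corrupted config may be indistinguishable from a wrong password; an explicit guard like `if n := len(cf.EncryptedKey); n != 60 && n != 64 { return nil, nil, fmt.Errorf("unexpected EncryptedKey length %d", n) }` before constructing the CryptoCore (if `fmt` is imported in this file) would separate the two cases. The local `IVLen` would conventionally be written `ivLen`. LoadConfFile starts and ends outside the hunk, so the later error handling is not visible here.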


@ -20,7 +20,8 @@ const (
DefaultBS = 4096 DefaultBS = 4096
// DefaultIVBits is the default length of IV, in bits. // DefaultIVBits is the default length of IV, in bits.
// We always use 128-bit IVs for file content, but the // We always use 128-bit IVs for file content, but the
// key in the config file is encrypted with a 96-bit IV. // master key in the config file is encrypted with a 96-bit IV for
// gocryptfs v1.2 and earlier. v1.3 switched to 128 bit.
DefaultIVBits = 128 DefaultIVBits = 128
_ = iota // skip zero _ = iota // skip zero


@ -49,8 +49,8 @@ type CryptoCore struct {
// New returns a new CryptoCore object or panics. // New returns a new CryptoCore object or panics.
// //
// Even though the "GCMIV128" feature flag is now mandatory, we must still // Even though the "GCMIV128" feature flag is now mandatory, we must still
// support 96-bit IVs here because they are used for encrypting the master // support 96-bit IVs here because they were used for encrypting the master
// key in gocryptfs.conf. // key in gocryptfs.conf up to gocryptfs v1.2. v1.3 switched to 128 bits.
func New(key []byte, aeadType AEADTypeEnum, IVBitLen int) *CryptoCore { func New(key []byte, aeadType AEADTypeEnum, IVBitLen int) *CryptoCore {
if len(key) != KeyLen { if len(key) != KeyLen {
log.Panic(fmt.Sprintf("Unsupported key length %d", len(key))) log.Panic(fmt.Sprintf("Unsupported key length %d", len(key)))