summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-03-05 13:58:24 +0100
committerJakob Unterwurzacher2017-03-05 13:58:24 +0100
commite032539e2c09cd4d1f007d33d7ef97b0fec689ed (patch)
tree0dddfa591a048c8494580cef954c365aa32eced0
parentb2f154a9a908e6ec097de90c04ce45118adc76de (diff)
cryptocore: use eme v1.1 interface
Version 1.1 of the EME package (github.com/rfjakob/eme) added a more convenient interface. Use it. Note that you have to upgrade your EME package (go get -u)!
-rw-r--r--internal/cryptocore/cryptocore.go11
-rw-r--r--internal/fusefrontend/fs.go2
-rw-r--r--internal/fusefrontend_reverse/rfs.go2
-rw-r--r--internal/nametransform/names.go15
4 files changed, 16 insertions, 14 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 13b278f..d3af7de 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -9,6 +9,8 @@ import (
"fmt"
"log"
+ "github.com/rfjakob/eme"
+
"github.com/rfjakob/gocryptfs/internal/siv_aead"
"github.com/rfjakob/gocryptfs/internal/stupidgcm"
)
@@ -33,8 +35,8 @@ const (
// CryptoCore is the low level crypto implementation.
type CryptoCore struct {
- // AES-256 block cipher. This is used for EME filename encryption.
- BlockCipher cipher.Block
+ // EME is used for filename encryption.
+ EMECipher *eme.EMECipher
// GCM or AES-SIV. This is used for content encryption.
AEADCipher cipher.AEAD
// Which backend is behind AEADCipher?
@@ -56,12 +58,13 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
// We want the IV size in bytes
IVLen := IVBitLen / 8
- // Name encryption always uses built-in Go AES through BlockCipher.
+ // Name encryption always uses built-in Go AES through blockCipher.
// Content encryption uses BlockCipher only if useOpenssl=false.
blockCipher, err := aes.NewCipher(key)
if err != nil {
log.Panic(err)
}
+ emeCipher := eme.New(blockCipher)
var aeadCipher cipher.AEAD
switch backend {
@@ -90,7 +93,7 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
}
return &CryptoCore{
- BlockCipher: blockCipher,
+ EMECipher: emeCipher,
AEADCipher: aeadCipher,
AEADBackend: backend,
IVGenerator: &nonceGenerator{nonceLen: IVLen},
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index e6e9bdf..e0fdc48 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -42,7 +42,7 @@ var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
func NewFS(args Args) *FS {
cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
- nameTransform := nametransform.New(cryptoCore, args.LongNames, args.Raw64)
+ nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
return &FS{
FileSystem: pathfs.NewLoopbackFileSystem(args.Cipherdir),
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index bb3b0e5..55431b6 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -59,7 +59,7 @@ func NewFS(args fusefrontend.Args) *ReverseFS {
initLongnameCache()
cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
- nameTransform := nametransform.New(cryptoCore, args.LongNames, args.Raw64)
+ nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
return &ReverseFS{
// pathfs.defaultFileSystem returns ENOSYS for all operations
diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index ddb5faa..feec017 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -8,13 +8,12 @@ import (
"github.com/rfjakob/eme"
- "github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
// NameTransform is used to transform filenames.
type NameTransform struct {
- cryptoCore *cryptocore.CryptoCore
+ emeCipher *eme.EMECipher
longNames bool
DirIVCache dirIVCache
// b64 = either base64.URLEncoding or base64.RawURLEncoding
@@ -22,15 +21,15 @@ type NameTransform struct {
}
// New returns a new NameTransform instance.
-func New(c *cryptocore.CryptoCore, longNames bool, raw64 bool) *NameTransform {
+func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
b64 := base64.URLEncoding
if raw64 {
b64 = getRaw64Encoding()
}
return &NameTransform{
- cryptoCore: c,
- longNames: longNames,
- b64: b64,
+ emeCipher: e,
+ longNames: longNames,
+ b64: b64,
}
}
@@ -47,7 +46,7 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
tlog.Debug.Printf("DecryptName %q: decoded length %d is not a multiple of 16", cipherName, len(bin))
return "", syscall.EINVAL
}
- bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionDecrypt)
+ bin = n.emeCipher.Decrypt(iv, bin)
bin, err = unPad16(bin)
if err != nil {
tlog.Debug.Printf("pad16 error detail: %v", err)
@@ -69,7 +68,7 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) {
bin := []byte(plainName)
bin = pad16(bin)
- bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionEncrypt)
+ bin = n.emeCipher.Encrypt(iv, bin)
cipherName64 = n.b64.EncodeToString(bin)
return cipherName64
}