author | Jakob Unterwurzacher | 2016-02-06 19:20:54 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2016-02-06 19:22:35 +0100 |
commit | 2b8cbd944149afe51fadddbd67ee4499d1d86250 (patch) | |
tree | 76361984cc4394bbb9b19ae987aeaff71fb6073b /cryptfs/cryptfs_content.go | |
parent | adcfbd79a8b8bb85cbee25996ab622a05de0dbc1 (diff) |
Major refactoring: Split up "cryptfs" into several internal packages
"git status" for reference:
deleted: cryptfs/cryptfs.go
deleted: cryptfs/names_core.go
modified: integration_tests/cli_test.go
modified: integration_tests/helpers.go
renamed: cryptfs/config_file.go -> internal/configfile/config_file.go
renamed: cryptfs/config_test.go -> internal/configfile/config_test.go
renamed: cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore
renamed: cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf
renamed: cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf
renamed: cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf
renamed: cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf
renamed: cryptfs/kdf.go -> internal/configfile/kdf.go
renamed: cryptfs/kdf_test.go -> internal/configfile/kdf_test.go
renamed: cryptfs/cryptfs_content.go -> internal/contentenc/content.go
new file: internal/contentenc/content_api.go
renamed: cryptfs/content_test.go -> internal/contentenc/content_test.go
renamed: cryptfs/file_header.go -> internal/contentenc/file_header.go
renamed: cryptfs/intrablock.go -> internal/contentenc/intrablock.go
renamed: cryptfs/address_translation.go -> internal/contentenc/offsets.go
new file: internal/cryptocore/crypto_api.go
renamed: cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go
renamed: cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go
renamed: cryptfs/nonce.go -> internal/cryptocore/nonce.go
renamed: cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go
renamed: cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash
renamed: cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go
new file: internal/nametransform/name_api.go
new file: internal/nametransform/names_core.go
renamed: cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go
renamed: cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go
renamed: cryptfs/names_test.go -> internal/nametransform/names_test.go
new file: internal/nametransform/pad16.go
renamed: cryptfs/log.go -> internal/toggledlog/log.go
renamed: cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go
renamed: cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go
modified: main.go
modified: masterkey.go
modified: pathfs_frontend/file.go
modified: pathfs_frontend/file_holes.go
modified: pathfs_frontend/fs.go
modified: pathfs_frontend/fs_dir.go
modified: pathfs_frontend/names.go
modified: test.bash
Diffstat (limited to 'cryptfs/cryptfs_content.go')
-rw-r--r-- | cryptfs/cryptfs_content.go | 129 |
1 files changed, 0 insertions, 129 deletions
diff --git a/cryptfs/cryptfs_content.go b/cryptfs/cryptfs_content.go
deleted file mode 100644
index 2036e58..0000000
--- a/cryptfs/cryptfs_content.go
+++ /dev/null
@@ -1,129 +0,0 @@
-package cryptfs
-
-// File content encryption / decryption
-
-import (
- "bytes"
- "crypto/cipher"
- "crypto/md5"
- "encoding/binary"
- "encoding/hex"
- "errors"
- "os"
-)
-
-// md5sum - debug helper, return md5 hex string
-func md5sum(buf []byte) string {
- rawHash := md5.Sum(buf)
- hash := hex.EncodeToString(rawHash[:])
- return hash
-}
-
-type CryptFile struct {
- file *os.File
- gcm cipher.AEAD
-}
-
-// DecryptBlocks - Decrypt a number of blocks
-func (be *CryptFS) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileId []byte) ([]byte, error) {
- cBuf := bytes.NewBuffer(ciphertext)
- var err error
- var pBuf bytes.Buffer
- for cBuf.Len() > 0 {
- cBlock := cBuf.Next(int(be.cipherBS))
- var pBlock []byte
- pBlock, err = be.DecryptBlock(cBlock, firstBlockNo, fileId)
- if err != nil {
- break
- }
- pBuf.Write(pBlock)
- firstBlockNo++
- }
- return pBuf.Bytes(), err
-}
-
-// DecryptBlock - Verify and decrypt GCM block
-//
-// Corner case: A full-sized block of all-zero ciphertext bytes is translated
-// to an all-zero plaintext block, i.e. file hole passtrough.
-func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte) ([]byte, error) {
-
- // Empty block?
- if len(ciphertext) == 0 {
- return ciphertext, nil
- }
-
- // All-zero block?
- if bytes.Equal(ciphertext, be.allZeroBlock) {
- Debug.Printf("DecryptBlock: file hole encountered")
- return make([]byte, be.plainBS), nil
- }
-
- if len(ciphertext) < be.gcmIVLen {
- Warn.Printf("DecryptBlock: Block is too short: %d bytes", len(ciphertext))
- return nil, errors.New("Block is too short")
- }
-
- // Extract nonce
- nonce := ciphertext[:be.gcmIVLen]
- ciphertextOrig := ciphertext
- ciphertext = ciphertext[be.gcmIVLen:]
-
- // Decrypt
- var plaintext []byte
- aData := make([]byte, 8)
- aData = append(aData, fileId...)
- binary.BigEndian.PutUint64(aData, blockNo)
- plaintext, err := be.gcm.Open(plaintext, nonce, ciphertext, aData)
-
- if err != nil {
- Warn.Printf("DecryptBlock: %s, len=%d, md5=%s", err.Error(), len(ciphertextOrig), md5sum(ciphertextOrig))
- Debug.Println(hex.Dump(ciphertextOrig))
- return nil, err
- }
-
- return plaintext, nil
-}
-
-// encryptBlock - Encrypt and add IV and MAC
-func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte {
-
- // Empty block?
- if len(plaintext) == 0 {
- return plaintext
- }
-
- // Get fresh nonce
- nonce := be.gcmIVGen.Get()
-
- // Authenticate block with block number and file ID
- aData := make([]byte, 8)
- binary.BigEndian.PutUint64(aData, blockNo)
- aData = append(aData, fileID...)
-
- // Encrypt plaintext and append to nonce
- ciphertext := be.gcm.Seal(nonce, nonce, plaintext, aData)
-
- return ciphertext
-}
-
-// MergeBlocks - Merge newData into oldData at offset
-// New block may be bigger than both newData and oldData
-func (be *CryptFS) MergeBlocks(oldData []byte, newData []byte, offset int) []byte {
-
- // Make block of maximum size
- out := make([]byte, be.plainBS)
-
- // Copy old and new data into it
- copy(out, oldData)
- l := len(newData)
- copy(out[offset:offset+l], newData)
-
- // Crop to length
- outLen := len(oldData)
- newLen := offset + len(newData)
- if outLen < newLen {
- outLen = newLen
- }
- return out[0:outLen]
-} |