diff options
| author | Jakob Unterwurzacher | 2016-02-06 19:20:54 +0100 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2016-02-06 19:22:35 +0100 |
| commit | 2b8cbd944149afe51fadddbd67ee4499d1d86250 (patch) | |
| tree | 76361984cc4394bbb9b19ae987aeaff71fb6073b /cryptfs/openssl_aead.go | |
| parent | adcfbd79a8b8bb85cbee25996ab622a05de0dbc1 (diff) | |
Major refactoring: Split up "cryptfs" into several internal packages
"git status" for reference:
deleted: cryptfs/cryptfs.go
deleted: cryptfs/names_core.go
modified: integration_tests/cli_test.go
modified: integration_tests/helpers.go
renamed: cryptfs/config_file.go -> internal/configfile/config_file.go
renamed: cryptfs/config_test.go -> internal/configfile/config_test.go
renamed: cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore
renamed: cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf
renamed: cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf
renamed: cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf
renamed: cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf
renamed: cryptfs/kdf.go -> internal/configfile/kdf.go
renamed: cryptfs/kdf_test.go -> internal/configfile/kdf_test.go
renamed: cryptfs/cryptfs_content.go -> internal/contentenc/content.go
new file: internal/contentenc/content_api.go
renamed: cryptfs/content_test.go -> internal/contentenc/content_test.go
renamed: cryptfs/file_header.go -> internal/contentenc/file_header.go
renamed: cryptfs/intrablock.go -> internal/contentenc/intrablock.go
renamed: cryptfs/address_translation.go -> internal/contentenc/offsets.go
new file: internal/cryptocore/crypto_api.go
renamed: cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go
renamed: cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go
renamed: cryptfs/nonce.go -> internal/cryptocore/nonce.go
renamed: cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go
renamed: cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash
renamed: cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go
new file: internal/nametransform/name_api.go
new file: internal/nametransform/names_core.go
renamed: cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go
renamed: cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go
renamed: cryptfs/names_test.go -> internal/nametransform/names_test.go
new file: internal/nametransform/pad16.go
renamed: cryptfs/log.go -> internal/toggledlog/log.go
renamed: cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go
renamed: cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go
modified: main.go
modified: masterkey.go
modified: pathfs_frontend/file.go
modified: pathfs_frontend/file_holes.go
modified: pathfs_frontend/fs.go
modified: pathfs_frontend/fs_dir.go
modified: pathfs_frontend/names.go
modified: test.bash
Diffstat (limited to 'cryptfs/openssl_aead.go')
| -rw-r--r-- | cryptfs/openssl_aead.go | 100 |
1 files changed, 0 insertions, 100 deletions
diff --git a/cryptfs/openssl_aead.go b/cryptfs/openssl_aead.go deleted file mode 100644 index 5d38d38..0000000 --- a/cryptfs/openssl_aead.go +++ /dev/null @@ -1,100 +0,0 @@ -package cryptfs - -// Implements cipher.AEAD with OpenSSL backend - -import ( - "bytes" - "github.com/spacemonkeygo/openssl" -) - -// Supports all nonce sizes -type opensslGCM struct { - key []byte -} - -func (be opensslGCM) Overhead() int { - return AUTH_TAG_LEN -} - -func (be opensslGCM) NonceSize() int { - // We support any nonce size - return -1 -} - -// Seal encrypts and authenticates plaintext, authenticates the -// additional data and appends the result to dst, returning the updated -// slice. opensslGCM supports any nonce size. -func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte { - - // Preallocate output buffer - var cipherBuf bytes.Buffer - cipherBuf.Grow(len(dst) + len(plaintext) + AUTH_TAG_LEN) - // Output will be appended to dst - cipherBuf.Write(dst) - - ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce) - if err != nil { - panic(err) - } - err = ectx.ExtraData(data) - if err != nil { - panic(err) - } - part, err := ectx.EncryptUpdate(plaintext) - if err != nil { - panic(err) - } - cipherBuf.Write(part) - part, err = ectx.EncryptFinal() - if err != nil { - panic(err) - } - cipherBuf.Write(part) - part, err = ectx.GetTag() - if err != nil { - panic(err) - } - cipherBuf.Write(part) - - return cipherBuf.Bytes() -} - -// Open decrypts and authenticates ciphertext, authenticates the -// additional data and, if successful, appends the resulting plaintext -// to dst, returning the updated slice. The nonce must be NonceSize() -// bytes long and both it and the additional data must match the -// value passed to Seal. -// -// The ciphertext and dst may alias exactly or not at all. -func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { - - l := len(ciphertext) - tag := ciphertext[l-AUTH_TAG_LEN : l] - ciphertext = ciphertext[0 : l-AUTH_TAG_LEN] - plainBuf := bytes.NewBuffer(dst) - - dctx, err := openssl.NewGCMDecryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce) - if err != nil { - return nil, err - } - err = dctx.ExtraData(data) - if err != nil { - return nil, err - } - part, err := dctx.DecryptUpdate(ciphertext) - if err != nil { - return nil, err - } - plainBuf.Write(part) - err = dctx.SetTag(tag) - if err != nil { - return nil, err - } - part, err = dctx.DecryptFinal() - if err != nil { - return nil, err - } - plainBuf.Write(part) - - return plainBuf.Bytes(), nil -} |