Major refactoring: Split up "cryptfs" into several internal packages

"git status" for reference:

deleted:    cryptfs/cryptfs.go
deleted:    cryptfs/names_core.go
modified:   integration_tests/cli_test.go
modified:   integration_tests/helpers.go
renamed:    cryptfs/config_file.go -> internal/configfile/config_file.go
renamed:    cryptfs/config_test.go -> internal/configfile/config_test.go
renamed:    cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore
renamed:    cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf
renamed:    cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf
renamed:    cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf
renamed:    cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf
renamed:    cryptfs/kdf.go -> internal/configfile/kdf.go
renamed:    cryptfs/kdf_test.go -> internal/configfile/kdf_test.go
renamed:    cryptfs/cryptfs_content.go -> internal/contentenc/content.go
new file:   internal/contentenc/content_api.go
renamed:    cryptfs/content_test.go -> internal/contentenc/content_test.go
renamed:    cryptfs/file_header.go -> internal/contentenc/file_header.go
renamed:    cryptfs/intrablock.go -> internal/contentenc/intrablock.go
renamed:    cryptfs/address_translation.go -> internal/contentenc/offsets.go
new file:   internal/cryptocore/crypto_api.go
renamed:    cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go
renamed:    cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go
renamed:    cryptfs/nonce.go -> internal/cryptocore/nonce.go
renamed:    cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go
renamed:    cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash
renamed:    cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go
new file:   internal/nametransform/name_api.go
new file:   internal/nametransform/names_core.go
renamed:    cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go
renamed:    cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go
renamed:    cryptfs/names_test.go -> internal/nametransform/names_test.go
new file:   internal/nametransform/pad16.go
renamed:    cryptfs/log.go -> internal/toggledlog/log.go
renamed:    cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go
renamed:    cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go
modified:   main.go
modified:   masterkey.go
modified:   pathfs_frontend/file.go
modified:   pathfs_frontend/file_holes.go
modified:   pathfs_frontend/fs.go
modified:   pathfs_frontend/fs_dir.go
modified:   pathfs_frontend/names.go
modified:   test.bash

1 files changed, 100 insertions, 0 deletions

diff --git a/internal/cryptocore/openssl_aead.go b/internal/cryptocore/openssl_aead.go
new file mode 100644
index 0000000..d4ed64b
--- /dev/null
+++ b/internal/cryptocore/openssl_aead.go
@@ -0,0 +1,100 @@
+package cryptocore
+
+// Implements cipher.AEAD with OpenSSL backend
+
+import (
+	"bytes"
+	"github.com/spacemonkeygo/openssl"
+)
+
+// Supports all nonce sizes
+type opensslGCM struct {
+	key []byte
+}
+
+func (be opensslGCM) Overhead() int {
+	return AuthTagLen
+}
+
+func (be opensslGCM) NonceSize() int {
+	// We support any nonce size
+	return -1
+}
+
+// Seal encrypts and authenticates plaintext, authenticates the
+// additional data and appends the result to dst, returning the updated
+// slice. opensslGCM supports any nonce size.
+func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
+
+	// Preallocate output buffer
+	var cipherBuf bytes.Buffer
+	cipherBuf.Grow(len(dst) + len(plaintext) + AuthTagLen)
+	// Output will be appended to dst
+	cipherBuf.Write(dst)
+
+	ectx, err := openssl.NewGCMEncryptionCipherCtx(KeyLen*8, nil, be.key, nonce)
+	if err != nil {
+		panic(err)
+	}
+	err = ectx.ExtraData(data)
+	if err != nil {
+		panic(err)
+	}
+	part, err := ectx.EncryptUpdate(plaintext)
+	if err != nil {
+		panic(err)
+	}
+	cipherBuf.Write(part)
+	part, err = ectx.EncryptFinal()
+	if err != nil {
+		panic(err)
+	}
+	cipherBuf.Write(part)
+	part, err = ectx.GetTag()
+	if err != nil {
+		panic(err)
+	}
+	cipherBuf.Write(part)
+
+	return cipherBuf.Bytes()
+}
+
+// Open decrypts and authenticates ciphertext, authenticates the
+// additional data and, if successful, appends the resulting plaintext
+// to dst, returning the updated slice. The nonce must be NonceSize()
+// bytes long and both it and the additional data must match the
+// value passed to Seal.
+//
+// The ciphertext and dst may alias exactly or not at all.
+func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
+
+	l := len(ciphertext)
+	tag := ciphertext[l-AuthTagLen : l]
+	ciphertext = ciphertext[0 : l-AuthTagLen]
+	plainBuf := bytes.NewBuffer(dst)
+
+	dctx, err := openssl.NewGCMDecryptionCipherCtx(KeyLen*8, nil, be.key, nonce)
+	if err != nil {
+		return nil, err
+	}
+	err = dctx.ExtraData(data)
+	if err != nil {
+		return nil, err
+	}
+	part, err := dctx.DecryptUpdate(ciphertext)
+	if err != nil {
+		return nil, err
+	}
+	plainBuf.Write(part)
+	err = dctx.SetTag(tag)
+	if err != nil {
+		return nil, err
+	}
+	part, err = dctx.DecryptFinal()
+	if err != nil {
+		return nil, err
+	}
+	plainBuf.Write(part)
+
+	return plainBuf.Bytes(), nil
+}