-rw-r--r-- | cryptfs/cryptfs.go | 12 | ||||
-rw-r--r-- | cryptfs/cryptfs_content.go | 8 | ||||
-rw-r--r-- | cryptfs/gcm_go14.go | 4 | ||||
-rw-r--r-- | cryptfs/gcm_go15.go | 2 | ||||
-rw-r--r-- | cryptfs/log.go | 2 | ||||
-rw-r--r-- | cryptfs/nonce.go | 2 | ||||
-rw-r--r-- | integration_tests/cli_test.go | 2 | ||||
-rw-r--r-- | integration_tests/helpers.go | 8 | ||||
-rw-r--r-- | integration_tests/main_test.go | 1 | ||||
-rw-r--r-- | pathfs_frontend/file.go | 3 | ||||
-rw-r--r-- | pathfs_frontend/fs.go | 2 | ||||
-rw-r--r-- | pathfs_frontend/fs_dir.go | 4 | ||||
-rw-r--r-- | pathfs_frontend/names.go | 1 |
13 files changed, 25 insertions, 26 deletions
diff --git a/cryptfs/cryptfs.go b/cryptfs/cryptfs.go index 5832e36..58cca74 100644 --- a/cryptfs/cryptfs.go +++ b/cryptfs/cryptfs.go @@ -24,7 +24,7 @@ type CryptFS struct { plainBS uint64 cipherBS uint64 // Stores an all-zero block of size cipherBS - allZeroBlock []byte + allZeroBlock []byte // DirIV cache for filename encryption DirIVCacheEnc DirIVCache } @@ -53,11 +53,11 @@ func NewCryptFS(key []byte, useOpenssl bool, plaintextNames bool) *CryptFS { cipherBS := DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN return &CryptFS{ - blockCipher: b, - gcm: gcm, - plainBS: DEFAULT_PLAINBS, - cipherBS: uint64(cipherBS), - allZeroBlock: make([]byte, cipherBS), + blockCipher: b, + gcm: gcm, + plainBS: DEFAULT_PLAINBS, + cipherBS: uint64(cipherBS), + allZeroBlock: make([]byte, cipherBS), } } diff --git a/cryptfs/cryptfs_content.go b/cryptfs/cryptfs_content.go index cfd488b..25293a7 100644 --- a/cryptfs/cryptfs_content.go +++ b/cryptfs/cryptfs_content.go @@ -86,7 +86,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte } // encryptBlock - Encrypt and add IV and MAC -func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte) []byte { +func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte { // Empty block? if len(plaintext) == 0 { @@ -96,10 +96,12 @@ func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte) // Get fresh nonce nonce := gcmNonce.Get() - // Encrypt plaintext and append to nonce + // Authenticate block with block number and file ID aData := make([]byte, 8) binary.BigEndian.PutUint64(aData, blockNo) - aData = append(aData, fileId...) + aData = append(aData, fileID...) + + // Encrypt plaintext and append to nonce ciphertext := be.gcm.Seal(nonce, nonce, plaintext, aData) return ciphertext diff --git a/cryptfs/gcm_go14.go b/cryptfs/gcm_go14.go index 4629df3..b675b51 100644 --- a/cryptfs/gcm_go14.go +++ b/cryptfs/gcm_go14.go 
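Review bot: The new comment `// Authenticate block with block number and file ID` in the second EncryptBlock hunk names the inputs passed to `be.gcm.Seal` as additional data but not their byte layout, which is the contract the decrypt side has to reproduce exactly. I would spell it out, e.g. `// aData = 8-byte big-endian blockNo || fileID; binds the block to its offset and file`. The fixed-width prefix is what keeps the concatenation unambiguous, and presumably DecryptBlock builds the same bytes (its body is outside the hunk). The rename is also only half done on this page: the DecryptBlock signature in the `@@ -86,7` header still reads `fileId`, and the doc comment above the method says `encryptBlock` while the method is `EncryptBlock`. EncryptBlock's closing brace lies outside the hunk.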
@@ -3,15 +3,15 @@ package cryptfs import ( - "fmt" "crypto/cipher" + "fmt" ) // goGCMWrapper - This wrapper makes sure gocryptfs can be compiled on Go // versions 1.4 and lower that lack NewGCMWithNonceSize(). // 128 bit GCM IVs will not work when using built-in Go crypto, obviously, when // compiled on 1.4. -func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error){ +func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error) { if nonceSize != 12 { Warn.Printf("128 bit GCM IVs are not supported by Go 1.4 and lower.\n") Warn.Printf("Please use openssl crypto or recompile using a newer Go runtime.\n") diff --git a/cryptfs/gcm_go15.go b/cryptfs/gcm_go15.go index 7696437..3a8055e 100644 --- a/cryptfs/gcm_go15.go +++ b/cryptfs/gcm_go15.go @@ -10,6 +10,6 @@ import ( // versions 1.4 and lower that lack NewGCMWithNonceSize(). // 128 bit GCM IVs will not work when using built-in Go crypto, obviously, when // compiled on 1.4. -func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error){ +func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error) { return cipher.NewGCMWithNonceSize(bc, nonceSize) } diff --git a/cryptfs/log.go b/cryptfs/log.go index a7fe579..8a6ace8 100644 --- a/cryptfs/log.go +++ b/cryptfs/log.go @@ -1,9 +1,9 @@ package cryptfs import ( + "encoding/json" "fmt" "strings" - "encoding/json" ) type logChannel struct { diff --git a/cryptfs/nonce.go b/cryptfs/nonce.go index a122ea5..3abfefa 100644 --- a/cryptfs/nonce.go +++ b/cryptfs/nonce.go @@ -1,9 +1,9 @@ package cryptfs import ( - "encoding/binary" "bytes" "crypto/rand" + "encoding/binary" "encoding/hex" "fmt" ) diff --git a/integration_tests/cli_test.go b/integration_tests/cli_test.go index dec28a2..5e8902d 100644 --- a/integration_tests/cli_test.go +++ b/integration_tests/cli_test.go 
@@ -104,7 +104,7 @@ func TestInitPlaintextNames(t *testing.T) { if err == nil { t.Errorf("gocryptfs.diriv should not have been created with -plaintextnames") } - _, cf, err := cryptfs.LoadConfFile(dir + cryptfs.ConfDefaultName, "test") + _, cf, err := cryptfs.LoadConfFile(dir+cryptfs.ConfDefaultName, "test") if err != nil { t.Fatal(err) } diff --git a/integration_tests/helpers.go b/integration_tests/helpers.go index 7c4aeef..8eb5379 100644 --- a/integration_tests/helpers.go +++ b/integration_tests/helpers.go @@ -1,13 +1,13 @@ package integration_tests import ( - "syscall" "crypto/md5" "encoding/hex" "fmt" "io/ioutil" "os" "os/exec" + "syscall" "testing" "github.com/rfjakob/gocryptfs/cryptfs" @@ -143,7 +143,7 @@ func testMkdirRmdir(t *testing.T, plainDir string) { if errno != syscall.ENOTEMPTY { t.Errorf("Should have gotten ENOTEMPTY, go %v", errno) } - if syscall.Unlink(dir + "/file") != nil { + if syscall.Unlink(dir+"/file") != nil { t.Fatal(err) } if syscall.Rmdir(dir) != nil { @@ -164,8 +164,8 @@ func testMkdirRmdir(t *testing.T, plainDir string) { // Create and rename a file func testRename(t *testing.T, plainDir string) { - file1 := plainDir+"rename1" - file2 := plainDir+"rename2" + file1 := plainDir + "rename1" + file2 := plainDir + "rename2" err := ioutil.WriteFile(file1, []byte("content"), 0777) if err != nil { t.Fatal(err) diff --git a/integration_tests/main_test.go b/integration_tests/main_test.go index cfa481d..f4ff544 100644 --- a/integration_tests/main_test.go +++ b/integration_tests/main_test.go @@ -333,7 +333,6 @@ func TestRename(t *testing.T) { testRename(t, defaultPlainDir) } - // Overwrite an empty directory with another directory func TestDirOverwrite(t *testing.T) { dir1 := defaultPlainDir + "DirOverwrite1" diff --git a/pathfs_frontend/file.go b/pathfs_frontend/file.go index 1470da2..cf6b192 100644 --- a/pathfs_frontend/file.go +++ b/pathfs_frontend/file.go 
@@ -261,7 +261,6 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) { cryptfs.Debug.Printf("len(oldData)=%d len(blockData)=%d\n", len(oldData), len(blockData)) } - // Write blockOffset, blockLen := b.CiphertextRange() blockData = f.cfs.EncryptBlock(blockData, b.BlockNo, f.header.Id) cryptfs.Debug.Printf("ino%d: Writing %d bytes to block #%d, md5=%s\n", @@ -276,6 +275,8 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) { status = fuse.ToStatus(err) break } + + // Write f.fdLock.Lock() _, err = f.fd.WriteAt(blockData, int64(blockOffset)) f.fdLock.Unlock() diff --git a/pathfs_frontend/fs.go b/pathfs_frontend/fs.go index c7a9888..f853556 100644 --- a/pathfs_frontend/fs.go +++ b/pathfs_frontend/fs.go @@ -244,8 +244,6 @@ func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status f return string(target), fuse.OK } - - func (fs *FS) Unlink(path string, context *fuse.Context) (code fuse.Status) { if fs.isFiltered(path) { return fuse.EPERM diff --git a/pathfs_frontend/fs_dir.go b/pathfs_frontend/fs_dir.go index 95257bb..9b319f8 100644 --- a/pathfs_frontend/fs_dir.go +++ b/pathfs_frontend/fs_dir.go @@ -1,10 +1,10 @@ package pathfs_frontend import ( + "fmt" "os" "path/filepath" "syscall" - "fmt" "github.com/hanwen/go-fuse/fuse" "github.com/rfjakob/gocryptfs/cryptfs" @@ -85,7 +85,7 @@ func (fs *FS) Rmdir(name string, context *fuse.Context) (code fuse.Status) { cryptfs.Debug.Printf("Rmdir: Chmod failed: %v\n", err2) return fuse.ToStatus(err) } - defer func () { + defer func() { if code != fuse.OK { // Undo the chmod if removing the directory failed err3 := os.Chmod(encPath, origMode) diff --git a/pathfs_frontend/names.go b/pathfs_frontend/names.go index e1783a6..219942e 100644 --- a/pathfs_frontend/names.go +++ b/pathfs_frontend/names.go 
@@ -24,7 +24,6 @@ func (fs *FS) isFiltered(path string) bool { return false } - // encryptPath - encrypt relative plaintext path func (fs *FS) encryptPath(plainPath string) (string, error) { if fs.args.PlaintextNames { |