diff options
-rw-r--r-- | Documentation/MANPAGE.md | 6 | ||||
-rw-r--r-- | cli_args.go | 4 | ||||
-rw-r--r-- | init_dir.go | 2 | ||||
-rw-r--r-- | internal/configfile/config_file.go | 8 | ||||
-rw-r--r-- | internal/configfile/config_test.go | 8 | ||||
-rw-r--r-- | internal/configfile/feature_flags.go | 4 | ||||
-rw-r--r-- | internal/contentenc/content.go | 12 | ||||
-rw-r--r-- | internal/cryptocore/cryptocore.go | 11 | ||||
-rw-r--r-- | internal/stupidgcm/stupidgcm_test.go | 10 | ||||
-rw-r--r-- | main.go | 19 | ||||
-rw-r--r-- | tests/normal/cli_test.go | 18 | ||||
-rwxr-xr-x | tests/reverse/linux-tarball-test.bash | 3 | ||||
-rw-r--r-- | tests/reverse/main_test.go | 2 |
13 files changed, 50 insertions, 57 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index 5c31a92..a9b84dd 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -30,6 +30,9 @@ DESCRIPTION Options: +**-aessiv** +: Use the AES-SIV encryption mode (implied by -reverse) + **-allow_other** : By default, the Linux kernel prevents any other user (even root) to access a mounted FUSE filesystem. Settings this option allows access for @@ -58,9 +61,6 @@ to mount the gocryptfs filesytem without user interaction. **-fusedebug** : Enable fuse library debug output -**-gcmsiv** -: Use the GCM-SIV encryption mode (implied by -reverse) - **-init** : Initialize encrypted directory diff --git a/cli_args.go b/cli_args.go index b50c350..6d42c4e 100644 --- a/cli_args.go +++ b/cli_args.go @@ -14,7 +14,7 @@ import ( type argContainer struct { debug, init, zerokey, fusedebug, openssl, passwd, foreground, version, plaintextnames, quiet, nosyslog, wpanic, - longnames, allow_other, ro, reverse, gcmsiv bool + longnames, allow_other, ro, reverse, aessiv bool masterkey, mountpoint, cipherdir, cpuprofile, extpass, memprofile, o string // Configuration file name override @@ -51,7 +51,7 @@ func parseCliOpts() (args argContainer) { "Only works if user_allow_other is set in /etc/fuse.conf.") flagSet.BoolVar(&args.ro, "ro", false, "Mount the filesystem read-only") flagSet.BoolVar(&args.reverse, "reverse", false, "Reverse mode") - flagSet.BoolVar(&args.gcmsiv, "gcmsiv", false, "GCM-SIV encryption") + flagSet.BoolVar(&args.aessiv, "aessiv", false, "AES-SIV encryption") flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key") flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file") flagSet.StringVar(&args.memprofile, "memprofile", "", "Write memory profile to specified file") diff --git a/init_dir.go b/init_dir.go index c9c7be6..9401d19 100644 --- a/init_dir.go +++ b/init_dir.go @@ -39,7 +39,7 @@ func initDir(args *argContainer) { } password := readpassword.Twice(args.extpass) creator := tlog.ProgramName + " " + GitVersion - err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.gcmsiv) + err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv) if err != nil { tlog.Fatal.Println(err) os.Exit(ERREXIT_INIT) diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go index fab74a6..f58c51c 100644 --- a/internal/configfile/config_file.go +++ b/internal/configfile/config_file.go @@ -45,7 +45,7 @@ type ConfFile struct { // CreateConfFile - create a new config with a random key encrypted with // "password" and write it to "filename". // Uses scrypt with cost parameter logN. -func CreateConfFile(filename string, password string, plaintextNames bool, logN int, creator string, gcmsiv bool) error { +func CreateConfFile(filename string, password string, plaintextNames bool, logN int, creator string, aessiv bool) error { var cf ConfFile cf.filename = filename cf.Creator = creator @@ -59,7 +59,7 @@ func CreateConfFile(filename string, password string, plaintextNames bool, logN cf.EncryptKey(key, password, logN) // Set feature flags - cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagGCMIV128]) // 128-bit IVs + cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagGCMIV128]) if plaintextNames { cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagPlaintextNames]) } else { @@ -67,8 +67,8 @@ func CreateConfFile(filename string, password string, plaintextNames bool, logN cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagEMENames]) cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagLongNames]) } - if gcmsiv { - cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagGCMSIV]) // GCM-SIV encryption mode + if aessiv { + cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagAESSIV]) } // Write file to disk diff --git a/internal/configfile/config_test.go b/internal/configfile/config_test.go index ac85c8d..81984fe 100644 --- a/internal/configfile/config_test.go +++ b/internal/configfile/config_test.go @@ -71,7 +71,7 @@ func TestCreateConfFile(t *testing.T) { } -func TestCreateConfFileGCMSIV(t *testing.T) { +func TestCreateConfFileAESSIV(t *testing.T) { err := CreateConfFile("config_test/tmp.conf", "test", false, 10, "test", true) if err != nil { t.Fatal(err) @@ -80,14 +80,14 @@ func TestCreateConfFileGCMSIV(t *testing.T) { if err != nil { t.Fatal(err) } - if !c.IsFeatureFlagSet(FlagGCMSIV) { - t.Error("GCMSIV flag should be set but is not") + if !c.IsFeatureFlagSet(FlagAESSIV) { + t.Error("AESSIV flag should be set but is not") } } func TestIsFeatureFlagKnown(t *testing.T) { // Test a few hardcoded values - testKnownFlags := []string{"DirIV", "PlaintextNames", "EMENames", "GCMIV128", "LongNames", "GCMSIV"} + testKnownFlags := []string{"DirIV", "PlaintextNames", "EMENames", "GCMIV128", "LongNames", "AESSIV"} // And also everything in knownFlags (yes, it is likely that we end up with // some duplicates. Does not matter.) for _, f := range knownFlags { diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go index 90b8c22..ad7bec1 100644 --- a/internal/configfile/feature_flags.go +++ b/internal/configfile/feature_flags.go @@ -8,7 +8,7 @@ const ( FlagEMENames FlagGCMIV128 FlagLongNames - FlagGCMSIV + FlagAESSIV ) // knownFlags stores the known feature flags and their string representation @@ -18,7 +18,7 @@ var knownFlags map[flagIota]string = map[flagIota]string{ FlagEMENames: "EMENames", FlagGCMIV128: "GCMIV128", FlagLongNames: "LongNames", - FlagGCMSIV: "GCMSIV", + FlagAESSIV: "AESSIV", } // Filesystems that do not have these feature flags set are deprecated. diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 7561859..86be7d5 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -105,8 +105,8 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []b // Extract nonce nonce := ciphertext[:be.cryptoCore.IVLen] - if bytes.Equal(nonce, be.allZeroNonce) && be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV { - panic("Hit an all-zero nonce with GCMSIV off. This MUST NOT happen!") + if bytes.Equal(nonce, be.allZeroNonce) { + panic("Hit an all-zero nonce. This MUST NOT happen!") } ciphertextOrig := ciphertext ciphertext = ciphertext[be.cryptoCore.IVLen:] @@ -150,13 +150,13 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by var nonce []byte switch nMode { case ExternalNonce: - if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV { - panic("MUST NOT use deterministic nonces unless in GCMSIV mode!") + if be.cryptoCore.AEADBackend != cryptocore.BackendAESSIV { + panic("MUST NOT use deterministic nonces unless in AESSIV mode!") } nonce = externalNonce case ReverseDeterministicNonce: - if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV { - panic("MUST NOT use deterministic nonces unless in GCMSIV mode!") + if be.cryptoCore.AEADBackend != cryptocore.BackendAESSIV { + panic("MUST NOT use deterministic nonces unless in AESSIV mode!") } l := be.cryptoCore.IVLen nonce = make([]byte, l) diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 0913ed0..23dc26e 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -7,9 +7,8 @@ import ( "crypto/cipher" "fmt" + "github.com/rfjakob/gocryptfs/internal/siv_aead" "github.com/rfjakob/gocryptfs/internal/stupidgcm" - - "github.com/rfjakob/gcmsiv" ) type BackendTypeEnum int @@ -21,13 +20,13 @@ const ( _ = iota // Skip zero BackendOpenSSL BackendTypeEnum = iota BackendGoGCM BackendTypeEnum = iota - BackendGCMSIV BackendTypeEnum = iota + BackendAESSIV BackendTypeEnum = iota ) type CryptoCore struct { // AES-256 block cipher. This is used for EME filename encryption. BlockCipher cipher.Block - // GCM or GCM-SIV. This is used for content encryption. + // GCM or AES-SIV. This is used for content encryption. AEADCipher cipher.AEAD // Which backend is behind AEADCipher? AEADBackend BackendTypeEnum @@ -64,8 +63,8 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore { gcm = stupidgcm.New(key) case BackendGoGCM: gcm, err = goGCMWrapper(blockCipher, IVLen) - case BackendGCMSIV: - gcm, err = gcmsiv.NewGCMSIV(key) + case BackendAESSIV: + gcm = siv_aead.New(key) default: panic("unknown backend cipher") } diff --git a/internal/stupidgcm/stupidgcm_test.go b/internal/stupidgcm/stupidgcm_test.go index 1dbfccb..3c11dfe 100644 --- a/internal/stupidgcm/stupidgcm_test.go +++ b/internal/stupidgcm/stupidgcm_test.go @@ -15,7 +15,8 @@ import ( "encoding/hex" "testing" - "github.com/rfjakob/gcmsiv" + // For benchmark comparison + "github.com/rfjakob/gocryptfs/internal/siv_aead" ) // Get "n" random bytes from /dev/urandom or panic @@ -162,16 +163,13 @@ func Benchmark4kEncGoGCM(b *testing.B) { } } -func Benchmark4kEncGCMSIV(b *testing.B) { +func Benchmark4kEncAESSIV(b *testing.B) { key := randBytes(32) authData := randBytes(24) iv := randBytes(16) in := make([]byte, 4096) b.SetBytes(int64(len(in))) - gGCM, err := gcmsiv.NewGCMSIV(key) - if err != nil { - b.Fatal(err) - } + gGCM := siv_aead.New(key) for i := 0; i < b.N; i++ { // Encrypt and append to nonce gGCM.Seal(iv, iv, in, authData) @@ -150,9 +150,9 @@ func main() { if args.quiet { tlog.Info.Enabled = false } - // "-reverse" implies "-gcmsiv" + // "-reverse" implies "-aessiv" if args.reverse { - args.gcmsiv = true + args.aessiv = true } // "-config" if args.config != "" { @@ -290,8 +290,8 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi if args.openssl { cryptoBackend = cryptocore.BackendOpenSSL } - if args.gcmsiv { - cryptoBackend = cryptocore.BackendGCMSIV + if args.aessiv { + cryptoBackend = cryptocore.BackendAESSIV } frontendArgs := fusefrontend.Args{ Cipherdir: args.cipherdir, @@ -304,10 +304,10 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi if confFile != nil { // Settings from the config file override command line args frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames) - if confFile.IsFeatureFlagSet(configfile.FlagGCMSIV) { - frontendArgs.CryptoBackend = cryptocore.BackendGCMSIV + if confFile.IsFeatureFlagSet(configfile.FlagAESSIV) { + frontendArgs.CryptoBackend = cryptocore.BackendAESSIV } else if args.reverse { - tlog.Fatal.Printf("GCM-SIV is required by reverse mode, but not enabled in the config file") + tlog.Fatal.Printf("AES-SIV is required by reverse mode, but not enabled in the config file") os.Exit(ERREXIT_USAGE) } } @@ -318,11 +318,6 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi } jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t") tlog.Debug.Printf("frontendArgs: %s", string(jsonBytes)) - if frontendArgs.CryptoBackend == cryptocore.BackendGCMSIV { - tlog.Info.Printf(tlog.ColorYellow + - "Warning: The GCM-SIV format used by reverse mode is not yet finalized.\n" + - "The on-disk format will change in the future." + tlog.ColorReset) - } var finalFs pathfs.FileSystem if args.reverse { finalFs = fusefrontend_reverse.NewFS(frontendArgs) diff --git a/tests/normal/cli_test.go b/tests/normal/cli_test.go index 62ad217..f0e160d 100644 --- a/tests/normal/cli_test.go +++ b/tests/normal/cli_test.go @@ -27,20 +27,20 @@ func TestInit(t *testing.T) { if err != nil { t.Fatal(err) } - if c.IsFeatureFlagSet(configfile.FlagGCMSIV) { - t.Error("GCMSIV flag should not be set") + if c.IsFeatureFlagSet(configfile.FlagAESSIV) { + t.Error("AESSIV flag should not be set") } } -// Test -init with -gcmsiv -func TestInitGcmsiv(t *testing.T) { - dir := test_helpers.InitFS(t, "-gcmsiv") +// Test -init with -aessiv +func TestInitAessiv(t *testing.T) { + dir := test_helpers.InitFS(t, "-aessiv") _, c, err := configfile.LoadConfFile(dir+"/"+configfile.ConfDefaultName, "test") if err != nil { t.Fatal(err) } - if !c.IsFeatureFlagSet(configfile.FlagGCMSIV) { - t.Error("GCMSIV flag should be set but is not") + if !c.IsFeatureFlagSet(configfile.FlagAESSIV) { + t.Error("AESSIV flag should be set but is not") } } @@ -51,8 +51,8 @@ func TestInitReverse(t *testing.T) { if err != nil { t.Fatal(err) } - if !c.IsFeatureFlagSet(configfile.FlagGCMSIV) { - t.Error("GCMSIV flag should be set but is not") + if !c.IsFeatureFlagSet(configfile.FlagAESSIV) { + t.Error("AESSIV flag should be set but is not") } } diff --git a/tests/reverse/linux-tarball-test.bash b/tests/reverse/linux-tarball-test.bash index 7306600..5fbc3fc 100755 --- a/tests/reverse/linux-tarball-test.bash +++ b/tests/reverse/linux-tarball-test.bash @@ -28,4 +28,5 @@ gocryptfs -q -extpass="echo test" b c # Check md5 sums cd c echo "Checking md5 sums" -md5sum --status -c $MD5 +set -o pipefail +md5sum -c $MD5 | pv -l -s 36782 -N "files checked" | (grep -v ": OK" || true) diff --git a/tests/reverse/main_test.go b/tests/reverse/main_test.go index f59386b..a42bb82 100644 --- a/tests/reverse/main_test.go +++ b/tests/reverse/main_test.go @@ -26,7 +26,7 @@ func TestMain(m *testing.M) { panic(err) } test_helpers.MountOrExit(dirA, dirB, "-zerokey", "-reverse") - test_helpers.MountOrExit(dirB, dirC, "-zerokey", "-gcmsiv") + test_helpers.MountOrExit(dirB, dirC, "-zerokey", "-aessiv") r := m.Run() test_helpers.UnmountPanic(dirC) test_helpers.UnmountPanic(dirB) |