summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Documentation/MANPAGE.md6
-rw-r--r--cli_args.go4
-rw-r--r--init_dir.go2
-rw-r--r--internal/configfile/config_file.go8
-rw-r--r--internal/configfile/config_test.go8
-rw-r--r--internal/configfile/feature_flags.go4
-rw-r--r--internal/contentenc/content.go12
-rw-r--r--internal/cryptocore/cryptocore.go11
-rw-r--r--internal/stupidgcm/stupidgcm_test.go10
-rw-r--r--main.go19
-rw-r--r--tests/normal/cli_test.go18
-rwxr-xr-xtests/reverse/linux-tarball-test.bash3
-rw-r--r--tests/reverse/main_test.go2
13 files changed, 50 insertions, 57 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index 5c31a92..a9b84dd 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -30,6 +30,9 @@ DESCRIPTION
Options:
+**-aessiv**
+: Use the AES-SIV encryption mode (implied by -reverse)
+
**-allow_other**
: By default, the Linux kernel prevents any other user (even root) to
access a mounted FUSE filesystem. Settings this option allows access for
@@ -58,9 +61,6 @@ to mount the gocryptfs filesytem without user interaction.
**-fusedebug**
: Enable fuse library debug output
-**-gcmsiv**
-: Use the GCM-SIV encryption mode (implied by -reverse)
-
**-init**
: Initialize encrypted directory
diff --git a/cli_args.go b/cli_args.go
index b50c350..6d42c4e 100644
--- a/cli_args.go
+++ b/cli_args.go
@@ -14,7 +14,7 @@ import (
type argContainer struct {
debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
plaintextnames, quiet, nosyslog, wpanic,
- longnames, allow_other, ro, reverse, gcmsiv bool
+ longnames, allow_other, ro, reverse, aessiv bool
masterkey, mountpoint, cipherdir, cpuprofile, extpass,
memprofile, o string
// Configuration file name override
@@ -51,7 +51,7 @@ func parseCliOpts() (args argContainer) {
"Only works if user_allow_other is set in /etc/fuse.conf.")
flagSet.BoolVar(&args.ro, "ro", false, "Mount the filesystem read-only")
flagSet.BoolVar(&args.reverse, "reverse", false, "Reverse mode")
- flagSet.BoolVar(&args.gcmsiv, "gcmsiv", false, "GCM-SIV encryption")
+ flagSet.BoolVar(&args.aessiv, "aessiv", false, "AES-SIV encryption")
flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key")
flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file")
flagSet.StringVar(&args.memprofile, "memprofile", "", "Write memory profile to specified file")
diff --git a/init_dir.go b/init_dir.go
index c9c7be6..9401d19 100644
--- a/init_dir.go
+++ b/init_dir.go
@@ -39,7 +39,7 @@ func initDir(args *argContainer) {
}
password := readpassword.Twice(args.extpass)
creator := tlog.ProgramName + " " + GitVersion
- err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.gcmsiv)
+ err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv)
if err != nil {
tlog.Fatal.Println(err)
os.Exit(ERREXIT_INIT)
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index fab74a6..f58c51c 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -45,7 +45,7 @@ type ConfFile struct {
// CreateConfFile - create a new config with a random key encrypted with
// "password" and write it to "filename".
// Uses scrypt with cost parameter logN.
-func CreateConfFile(filename string, password string, plaintextNames bool, logN int, creator string, gcmsiv bool) error {
+func CreateConfFile(filename string, password string, plaintextNames bool, logN int, creator string, aessiv bool) error {
var cf ConfFile
cf.filename = filename
cf.Creator = creator
@@ -59,7 +59,7 @@ func CreateConfFile(filename string, password string, plaintextNames bool, logN
cf.EncryptKey(key, password, logN)
// Set feature flags
- cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagGCMIV128]) // 128-bit IVs
+ cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagGCMIV128])
if plaintextNames {
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagPlaintextNames])
} else {
@@ -67,8 +67,8 @@ func CreateConfFile(filename string, password string, plaintextNames bool, logN
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagEMENames])
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagLongNames])
}
- if gcmsiv {
- cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagGCMSIV]) // GCM-SIV encryption mode
+ if aessiv {
+ cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagAESSIV])
}
// Write file to disk
diff --git a/internal/configfile/config_test.go b/internal/configfile/config_test.go
index ac85c8d..81984fe 100644
--- a/internal/configfile/config_test.go
+++ b/internal/configfile/config_test.go
@@ -71,7 +71,7 @@ func TestCreateConfFile(t *testing.T) {
}
-func TestCreateConfFileGCMSIV(t *testing.T) {
+func TestCreateConfFileAESSIV(t *testing.T) {
err := CreateConfFile("config_test/tmp.conf", "test", false, 10, "test", true)
if err != nil {
t.Fatal(err)
@@ -80,14 +80,14 @@ func TestCreateConfFileGCMSIV(t *testing.T) {
if err != nil {
t.Fatal(err)
}
- if !c.IsFeatureFlagSet(FlagGCMSIV) {
- t.Error("GCMSIV flag should be set but is not")
+ if !c.IsFeatureFlagSet(FlagAESSIV) {
+ t.Error("AESSIV flag should be set but is not")
}
}
func TestIsFeatureFlagKnown(t *testing.T) {
// Test a few hardcoded values
- testKnownFlags := []string{"DirIV", "PlaintextNames", "EMENames", "GCMIV128", "LongNames", "GCMSIV"}
+ testKnownFlags := []string{"DirIV", "PlaintextNames", "EMENames", "GCMIV128", "LongNames", "AESSIV"}
// And also everything in knownFlags (yes, it is likely that we end up with
// some duplicates. Does not matter.)
for _, f := range knownFlags {
diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go
index 90b8c22..ad7bec1 100644
--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@@ -8,7 +8,7 @@ const (
FlagEMENames
FlagGCMIV128
FlagLongNames
- FlagGCMSIV
+ FlagAESSIV
)
// knownFlags stores the known feature flags and their string representation
@@ -18,7 +18,7 @@ var knownFlags map[flagIota]string = map[flagIota]string{
FlagEMENames: "EMENames",
FlagGCMIV128: "GCMIV128",
FlagLongNames: "LongNames",
- FlagGCMSIV: "GCMSIV",
+ FlagAESSIV: "AESSIV",
}
// Filesystems that do not have these feature flags set are deprecated.
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 7561859..86be7d5 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -105,8 +105,8 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []b
// Extract nonce
nonce := ciphertext[:be.cryptoCore.IVLen]
- if bytes.Equal(nonce, be.allZeroNonce) && be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
- panic("Hit an all-zero nonce with GCMSIV off. This MUST NOT happen!")
+ if bytes.Equal(nonce, be.allZeroNonce) {
+ panic("Hit an all-zero nonce. This MUST NOT happen!")
}
ciphertextOrig := ciphertext
ciphertext = ciphertext[be.cryptoCore.IVLen:]
@@ -150,13 +150,13 @@ func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []by
var nonce []byte
switch nMode {
case ExternalNonce:
- if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
- panic("MUST NOT use deterministic nonces unless in GCMSIV mode!")
+ if be.cryptoCore.AEADBackend != cryptocore.BackendAESSIV {
+ panic("MUST NOT use deterministic nonces unless in AESSIV mode!")
}
nonce = externalNonce
case ReverseDeterministicNonce:
- if be.cryptoCore.AEADBackend != cryptocore.BackendGCMSIV {
- panic("MUST NOT use deterministic nonces unless in GCMSIV mode!")
+ if be.cryptoCore.AEADBackend != cryptocore.BackendAESSIV {
+ panic("MUST NOT use deterministic nonces unless in AESSIV mode!")
}
l := be.cryptoCore.IVLen
nonce = make([]byte, l)
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 0913ed0..23dc26e 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -7,9 +7,8 @@ import (
"crypto/cipher"
"fmt"
+ "github.com/rfjakob/gocryptfs/internal/siv_aead"
"github.com/rfjakob/gocryptfs/internal/stupidgcm"
-
- "github.com/rfjakob/gcmsiv"
)
type BackendTypeEnum int
@@ -21,13 +20,13 @@ const (
_ = iota // Skip zero
BackendOpenSSL BackendTypeEnum = iota
BackendGoGCM BackendTypeEnum = iota
- BackendGCMSIV BackendTypeEnum = iota
+ BackendAESSIV BackendTypeEnum = iota
)
type CryptoCore struct {
// AES-256 block cipher. This is used for EME filename encryption.
BlockCipher cipher.Block
- // GCM or GCM-SIV. This is used for content encryption.
+ // GCM or AES-SIV. This is used for content encryption.
AEADCipher cipher.AEAD
// Which backend is behind AEADCipher?
AEADBackend BackendTypeEnum
@@ -64,8 +63,8 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
gcm = stupidgcm.New(key)
case BackendGoGCM:
gcm, err = goGCMWrapper(blockCipher, IVLen)
- case BackendGCMSIV:
- gcm, err = gcmsiv.NewGCMSIV(key)
+ case BackendAESSIV:
+ gcm = siv_aead.New(key)
default:
panic("unknown backend cipher")
}
diff --git a/internal/stupidgcm/stupidgcm_test.go b/internal/stupidgcm/stupidgcm_test.go
index 1dbfccb..3c11dfe 100644
--- a/internal/stupidgcm/stupidgcm_test.go
+++ b/internal/stupidgcm/stupidgcm_test.go
@@ -15,7 +15,8 @@ import (
"encoding/hex"
"testing"
- "github.com/rfjakob/gcmsiv"
+ // For benchmark comparison
+ "github.com/rfjakob/gocryptfs/internal/siv_aead"
)
// Get "n" random bytes from /dev/urandom or panic
@@ -162,16 +163,13 @@ func Benchmark4kEncGoGCM(b *testing.B) {
}
}
-func Benchmark4kEncGCMSIV(b *testing.B) {
+func Benchmark4kEncAESSIV(b *testing.B) {
key := randBytes(32)
authData := randBytes(24)
iv := randBytes(16)
in := make([]byte, 4096)
b.SetBytes(int64(len(in)))
- gGCM, err := gcmsiv.NewGCMSIV(key)
- if err != nil {
- b.Fatal(err)
- }
+ gGCM := siv_aead.New(key)
for i := 0; i < b.N; i++ {
// Encrypt and append to nonce
gGCM.Seal(iv, iv, in, authData)
diff --git a/main.go b/main.go
index c2da1f0..5f2ce73 100644
--- a/main.go
+++ b/main.go
@@ -150,9 +150,9 @@ func main() {
if args.quiet {
tlog.Info.Enabled = false
}
- // "-reverse" implies "-gcmsiv"
+ // "-reverse" implies "-aessiv"
if args.reverse {
- args.gcmsiv = true
+ args.aessiv = true
}
// "-config"
if args.config != "" {
@@ -290,8 +290,8 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
if args.openssl {
cryptoBackend = cryptocore.BackendOpenSSL
}
- if args.gcmsiv {
- cryptoBackend = cryptocore.BackendGCMSIV
+ if args.aessiv {
+ cryptoBackend = cryptocore.BackendAESSIV
}
frontendArgs := fusefrontend.Args{
Cipherdir: args.cipherdir,
@@ -304,10 +304,10 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
if confFile != nil {
// Settings from the config file override command line args
frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
- if confFile.IsFeatureFlagSet(configfile.FlagGCMSIV) {
- frontendArgs.CryptoBackend = cryptocore.BackendGCMSIV
+ if confFile.IsFeatureFlagSet(configfile.FlagAESSIV) {
+ frontendArgs.CryptoBackend = cryptocore.BackendAESSIV
} else if args.reverse {
- tlog.Fatal.Printf("GCM-SIV is required by reverse mode, but not enabled in the config file")
+ tlog.Fatal.Printf("AES-SIV is required by reverse mode, but not enabled in the config file")
os.Exit(ERREXIT_USAGE)
}
}
@@ -318,11 +318,6 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
}
jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t")
tlog.Debug.Printf("frontendArgs: %s", string(jsonBytes))
- if frontendArgs.CryptoBackend == cryptocore.BackendGCMSIV {
- tlog.Info.Printf(tlog.ColorYellow +
- "Warning: The GCM-SIV format used by reverse mode is not yet finalized.\n" +
- "The on-disk format will change in the future." + tlog.ColorReset)
- }
var finalFs pathfs.FileSystem
if args.reverse {
finalFs = fusefrontend_reverse.NewFS(frontendArgs)
diff --git a/tests/normal/cli_test.go b/tests/normal/cli_test.go
index 62ad217..f0e160d 100644
--- a/tests/normal/cli_test.go
+++ b/tests/normal/cli_test.go
@@ -27,20 +27,20 @@ func TestInit(t *testing.T) {
if err != nil {
t.Fatal(err)
}
- if c.IsFeatureFlagSet(configfile.FlagGCMSIV) {
- t.Error("GCMSIV flag should not be set")
+ if c.IsFeatureFlagSet(configfile.FlagAESSIV) {
+ t.Error("AESSIV flag should not be set")
}
}
-// Test -init with -gcmsiv
-func TestInitGcmsiv(t *testing.T) {
- dir := test_helpers.InitFS(t, "-gcmsiv")
+// Test -init with -aessiv
+func TestInitAessiv(t *testing.T) {
+ dir := test_helpers.InitFS(t, "-aessiv")
_, c, err := configfile.LoadConfFile(dir+"/"+configfile.ConfDefaultName, "test")
if err != nil {
t.Fatal(err)
}
- if !c.IsFeatureFlagSet(configfile.FlagGCMSIV) {
- t.Error("GCMSIV flag should be set but is not")
+ if !c.IsFeatureFlagSet(configfile.FlagAESSIV) {
+ t.Error("AESSIV flag should be set but is not")
}
}
@@ -51,8 +51,8 @@ func TestInitReverse(t *testing.T) {
if err != nil {
t.Fatal(err)
}
- if !c.IsFeatureFlagSet(configfile.FlagGCMSIV) {
- t.Error("GCMSIV flag should be set but is not")
+ if !c.IsFeatureFlagSet(configfile.FlagAESSIV) {
+ t.Error("AESSIV flag should be set but is not")
}
}
diff --git a/tests/reverse/linux-tarball-test.bash b/tests/reverse/linux-tarball-test.bash
index 7306600..5fbc3fc 100755
--- a/tests/reverse/linux-tarball-test.bash
+++ b/tests/reverse/linux-tarball-test.bash
@@ -28,4 +28,5 @@ gocryptfs -q -extpass="echo test" b c
# Check md5 sums
cd c
echo "Checking md5 sums"
-md5sum --status -c $MD5
+set -o pipefail
+md5sum -c $MD5 | pv -l -s 36782 -N "files checked" | (grep -v ": OK" || true)
diff --git a/tests/reverse/main_test.go b/tests/reverse/main_test.go
index f59386b..a42bb82 100644
--- a/tests/reverse/main_test.go
+++ b/tests/reverse/main_test.go
@@ -26,7 +26,7 @@ func TestMain(m *testing.M) {
panic(err)
}
test_helpers.MountOrExit(dirA, dirB, "-zerokey", "-reverse")
- test_helpers.MountOrExit(dirB, dirC, "-zerokey", "-gcmsiv")
+ test_helpers.MountOrExit(dirB, dirC, "-zerokey", "-aessiv")
r := m.Run()
test_helpers.UnmountPanic(dirC)
test_helpers.UnmountPanic(dirB)