aboutsummaryrefslogtreecommitdiff
path: root/cryptfs/cryptfile.go
diff options
context:
space:
mode:
Diffstat (limited to 'cryptfs/cryptfile.go')
-rw-r--r--cryptfs/cryptfile.go226
1 files changed, 0 insertions, 226 deletions
diff --git a/cryptfs/cryptfile.go b/cryptfs/cryptfile.go
deleted file mode 100644
index e5e9462..0000000
--- a/cryptfs/cryptfile.go
+++ /dev/null
@@ -1,226 +0,0 @@
-package cryptfs
-
-import (
- //"fmt"
- "os"
- //"io"
- "errors"
- "crypto/cipher"
-)
-
-type CryptFile struct {
- file *os.File
- gcm cipher.AEAD
-}
-
-// decryptBlock - Verify and decrypt GCM block
-func (be *CryptFS) DecryptBlock(ciphertext []byte) ([]byte, error) {
-
- // Empty block?
- if len(ciphertext) == 0 {
- return ciphertext, nil
- }
-
- if len(ciphertext) < NONCE_LEN {
- warn.Printf("decryptBlock: Block is too short: %d bytes\n", len(ciphertext))
- return nil, errors.New("Block is too short")
- }
-
- // Extract nonce
- nonce := ciphertext[:NONCE_LEN]
- ciphertext = ciphertext[NONCE_LEN:]
-
- // Decrypt
- var plaintext []byte
- plaintext, err := be.gcm.Open(plaintext, nonce, ciphertext, nil)
- if err != nil {
- return nil, err
- }
-
- return plaintext, nil
-}
-
-// encryptBlock - Encrypt and add MAC using GCM
-func (be *CryptFS) EncryptBlock(plaintext []byte) []byte {
-
- // Empty block?
- if len(plaintext) == 0 {
- return plaintext
- }
-
- // Get fresh nonce
- nonce := gcmNonce.Get()
-
- // Encrypt plaintext and append to nonce
- ciphertext := be.gcm.Seal(nonce, nonce, plaintext, nil)
-
- return ciphertext
-}
-
-/*
-// readCipherBlock - Read ciphertext block number "blockNo", decrypt,
-// return plaintext
-func (be *CryptFile) readCipherBlock(blockNo int64) ([]byte, error) {
- off := blockNo * int64(be.cipherBS)
- buf := make([]byte, be.cipherBS)
-
- readN, err := be.file.ReadAt(buf, off)
-
- if err != nil && err != io.EOF {
- return nil, err
- }
-
- // Truncate buffer to actually read bytes
- buf = buf[:readN]
-
- // Empty block?
- if len(buf) == 0 {
- return buf, nil
- }
-
- if len(buf) < NONCE_LEN {
- warn.Printf("readCipherBlock: Block is too short: %d bytes\n", len(buf))
- return nil, errors.New("Block is too short")
- }
-
- // Extract nonce
- nonce := buf[:NONCE_LEN]
- buf = buf[NONCE_LEN:]
-
- // Decrypt
- var plainBuf []byte
- plainBuf, err = be.gcm.Open(plainBuf, nonce, buf, nil)
- if err != nil {
- fmt.Printf("gcm.Open() failed: %d\n", err)
- return nil, err
- }
-
- return plainBuf, nil
-}
-*/
-
-// intraBlock identifies a part of a file block
-type intraBlock struct {
- BlockNo uint64 // Block number in file
- Offset uint64 // Offset into block plaintext
- Length uint64 // Length of data from this block
- fs *CryptFS
-}
-
-// isPartial - is the block partial? This means we have to do read-modify-write.
-func (ib *intraBlock) IsPartial() bool {
- if ib.Offset > 0 || ib.Length < ib.fs.plainBS {
- return true
- }
- return false
-}
-
-// CiphertextRange - get byte range in ciphertext file corresponding to BlockNo
-// (complete block)
-func (ib *intraBlock) CiphertextRange() (offset uint64, length uint64) {
- return ib.BlockNo * ib.fs.cipherBS, ib.fs.cipherBS
-}
-
-// PlaintextRange - get byte range in plaintext corresponding to BlockNo
-// (complete block)
-func (ib *intraBlock) PlaintextRange() (offset uint64, length uint64) {
- return ib.BlockNo * ib.fs.plainBS, ib.fs.plainBS
-}
-
-// CropBlock - crop a potentially larger plaintext block down to the relevant part
-func (ib *intraBlock) CropBlock(d []byte) []byte{
- lenHave := len(d)
- lenWant := int(ib.Offset+ib.Length)
- if lenHave < lenWant {
- return d[ib.Offset:lenHave]
- }
- return d[ib.Offset:lenWant]
-}
-
-// Split a plaintext byte range into (possible partial) blocks
-func (be *CryptFS) SplitRange(offset uint64, length uint64) []intraBlock {
- var b intraBlock
- var parts []intraBlock
-
- b.fs = be
-
- for length > 0 {
- b.BlockNo = offset / be.plainBS
- b.Offset = offset % be.plainBS
- b.Length = be.minu64(length, be.plainBS - b.Offset)
- parts = append(parts, b)
- offset += b.Length
- length -= b.Length
- }
- return parts
-}
-
-func (be *CryptFS) minu64(x uint64, y uint64) uint64 {
- if x < y {
- return x
- }
- return y
-}
-
-/*
-// writeCipherBlock - Encrypt plaintext and write it to file block "blockNo"
-func (be *CryptFile) writeCipherBlock(blockNo int64, plain []byte) error {
-
- if int64(len(plain)) > be.plainBS {
- panic("writeCipherBlock: Cannot write block that is larger than plainBS")
- }
-
- // Get fresh nonce
- nonce := gcmNonce.Get()
- // Encrypt data and append to nonce
- cipherBuf := be.gcm.Seal(nonce, nonce, plain, nil)
-
- // WriteAt retries short writes autmatically
- written, err := be.file.WriteAt(cipherBuf, blockNo * be.cipherBS)
-
- debug.Printf("writeCipherBlock: wrote %d ciphertext bytes to block %d\n",
- written, blockNo)
-
- return err
-}
-
-// Perform RMW cycle on block
-// Write "data" into file location specified in "b"
-func (be *CryptFile) rmwWrite(b intraBlock, data []byte, f *os.File) error {
- if b.Length != uint64(len(data)) {
- panic("Length mismatch")
- }
-
- oldBlock, err := be.readCipherBlock(b.BlockNo)
- if err != nil {
- return err
- }
- newBlockLen := b.Offset + b.Length
- debug.Printf("newBlockLen := %d + %d\n", b.Offset, b.Length)
- var newBlock []byte
-
- // Write goes beyond the old block and grows the file?
- // Must create a bigger newBlock
- if newBlockLen > uint64(len(oldBlock)) {
- newBlock = make([]byte, newBlockLen)
- } else {
- newBlock = make([]byte, len(oldBlock))
- }
-
- // Fill with old data
- copy(newBlock, oldBlock)
- // Then overwrite the relevant parts with new data
- copy(newBlock[b.Offset:b.Offset + b.Length], data)
-
- // Actual write
- err = be.writeCipherBlock(b.BlockNo, newBlock)
-
- if err != nil {
- // An incomplete write to a ciphertext block means that the whole block
- // is destroyed.
- fmt.Printf("rmwWrite: Write error: %s\n", err)
- }
-
- return err
-}
-*/