diff options
Diffstat (limited to 'cryptfs/cryptfile.go')
| -rw-r--r-- | cryptfs/cryptfile.go | 226 |
1 files changed, 0 insertions, 226 deletions
diff --git a/cryptfs/cryptfile.go b/cryptfs/cryptfile.go deleted file mode 100644 index e5e9462..0000000 --- a/cryptfs/cryptfile.go +++ /dev/null @@ -1,226 +0,0 @@ -package cryptfs - -import ( - //"fmt" - "os" - //"io" - "errors" - "crypto/cipher" -) - -type CryptFile struct { - file *os.File - gcm cipher.AEAD -} - -// decryptBlock - Verify and decrypt GCM block -func (be *CryptFS) DecryptBlock(ciphertext []byte) ([]byte, error) { - - // Empty block? - if len(ciphertext) == 0 { - return ciphertext, nil - } - - if len(ciphertext) < NONCE_LEN { - warn.Printf("decryptBlock: Block is too short: %d bytes\n", len(ciphertext)) - return nil, errors.New("Block is too short") - } - - // Extract nonce - nonce := ciphertext[:NONCE_LEN] - ciphertext = ciphertext[NONCE_LEN:] - - // Decrypt - var plaintext []byte - plaintext, err := be.gcm.Open(plaintext, nonce, ciphertext, nil) - if err != nil { - return nil, err - } - - return plaintext, nil -} - -// encryptBlock - Encrypt and add MAC using GCM -func (be *CryptFS) EncryptBlock(plaintext []byte) []byte { - - // Empty block? - if len(plaintext) == 0 { - return plaintext - } - - // Get fresh nonce - nonce := gcmNonce.Get() - - // Encrypt plaintext and append to nonce - ciphertext := be.gcm.Seal(nonce, nonce, plaintext, nil) - - return ciphertext -} - -/* -// readCipherBlock - Read ciphertext block number "blockNo", decrypt, -// return plaintext -func (be *CryptFile) readCipherBlock(blockNo int64) ([]byte, error) { - off := blockNo * int64(be.cipherBS) - buf := make([]byte, be.cipherBS) - - readN, err := be.file.ReadAt(buf, off) - - if err != nil && err != io.EOF { - return nil, err - } - - // Truncate buffer to actually read bytes - buf = buf[:readN] - - // Empty block? - if len(buf) == 0 { - return buf, nil - } - - if len(buf) < NONCE_LEN { - warn.Printf("readCipherBlock: Block is too short: %d bytes\n", len(buf)) - return nil, errors.New("Block is too short") - } - - // Extract nonce - nonce := buf[:NONCE_LEN] - buf = buf[NONCE_LEN:] - - // Decrypt - var plainBuf []byte - plainBuf, err = be.gcm.Open(plainBuf, nonce, buf, nil) - if err != nil { - fmt.Printf("gcm.Open() failed: %d\n", err) - return nil, err - } - - return plainBuf, nil -} -*/ - -// intraBlock identifies a part of a file block -type intraBlock struct { - BlockNo uint64 // Block number in file - Offset uint64 // Offset into block plaintext - Length uint64 // Length of data from this block - fs *CryptFS -} - -// isPartial - is the block partial? This means we have to do read-modify-write. -func (ib *intraBlock) IsPartial() bool { - if ib.Offset > 0 || ib.Length < ib.fs.plainBS { - return true - } - return false -} - -// CiphertextRange - get byte range in ciphertext file corresponding to BlockNo -// (complete block) -func (ib *intraBlock) CiphertextRange() (offset uint64, length uint64) { - return ib.BlockNo * ib.fs.cipherBS, ib.fs.cipherBS -} - -// PlaintextRange - get byte range in plaintext corresponding to BlockNo -// (complete block) -func (ib *intraBlock) PlaintextRange() (offset uint64, length uint64) { - return ib.BlockNo * ib.fs.plainBS, ib.fs.plainBS -} - -// CropBlock - crop a potentially larger plaintext block down to the relevant part -func (ib *intraBlock) CropBlock(d []byte) []byte{ - lenHave := len(d) - lenWant := int(ib.Offset+ib.Length) - if lenHave < lenWant { - return d[ib.Offset:lenHave] - } - return d[ib.Offset:lenWant] -} - -// Split a plaintext byte range into (possible partial) blocks -func (be *CryptFS) SplitRange(offset uint64, length uint64) []intraBlock { - var b intraBlock - var parts []intraBlock - - b.fs = be - - for length > 0 { - b.BlockNo = offset / be.plainBS - b.Offset = offset % be.plainBS - b.Length = be.minu64(length, be.plainBS - b.Offset) - parts = append(parts, b) - offset += b.Length - length -= b.Length - } - return parts -} - -func (be *CryptFS) minu64(x uint64, y uint64) uint64 { - if x < y { - return x - } - return y -} - -/* -// writeCipherBlock - Encrypt plaintext and write it to file block "blockNo" -func (be *CryptFile) writeCipherBlock(blockNo int64, plain []byte) error { - - if int64(len(plain)) > be.plainBS { - panic("writeCipherBlock: Cannot write block that is larger than plainBS") - } - - // Get fresh nonce - nonce := gcmNonce.Get() - // Encrypt data and append to nonce - cipherBuf := be.gcm.Seal(nonce, nonce, plain, nil) - - // WriteAt retries short writes autmatically - written, err := be.file.WriteAt(cipherBuf, blockNo * be.cipherBS) - - debug.Printf("writeCipherBlock: wrote %d ciphertext bytes to block %d\n", - written, blockNo) - - return err -} - -// Perform RMW cycle on block -// Write "data" into file location specified in "b" -func (be *CryptFile) rmwWrite(b intraBlock, data []byte, f *os.File) error { - if b.Length != uint64(len(data)) { - panic("Length mismatch") - } - - oldBlock, err := be.readCipherBlock(b.BlockNo) - if err != nil { - return err - } - newBlockLen := b.Offset + b.Length - debug.Printf("newBlockLen := %d + %d\n", b.Offset, b.Length) - var newBlock []byte - - // Write goes beyond the old block and grows the file? - // Must create a bigger newBlock - if newBlockLen > uint64(len(oldBlock)) { - newBlock = make([]byte, newBlockLen) - } else { - newBlock = make([]byte, len(oldBlock)) - } - - // Fill with old data - copy(newBlock, oldBlock) - // Then overwrite the relevant parts with new data - copy(newBlock[b.Offset:b.Offset + b.Length], data) - - // Actual write - err = be.writeCipherBlock(b.BlockNo, newBlock) - - if err != nil { - // An incomplete write to a ciphertext block means that the whole block - // is destroyed. - fmt.Printf("rmwWrite: Write error: %s\n", err) - } - - return err -} -*/ |