diff options
Diffstat (limited to 'cryptfs')
| -rw-r--r-- | cryptfs/cryptfs.go | 12 | ||||
| -rw-r--r-- | cryptfs/cryptfs_content.go | 8 | ||||
| -rw-r--r-- | cryptfs/gcm_go14.go | 4 | ||||
| -rw-r--r-- | cryptfs/gcm_go15.go | 2 | ||||
| -rw-r--r-- | cryptfs/log.go | 2 | ||||
| -rw-r--r-- | cryptfs/nonce.go | 2 |
6 files changed, 16 insertions, 14 deletions
diff --git a/cryptfs/cryptfs.go b/cryptfs/cryptfs.go index 5832e36..58cca74 100644 --- a/cryptfs/cryptfs.go +++ b/cryptfs/cryptfs.go @@ -24,7 +24,7 @@ type CryptFS struct { plainBS uint64 cipherBS uint64 // Stores an all-zero block of size cipherBS - allZeroBlock []byte + allZeroBlock []byte // DirIV cache for filename encryption DirIVCacheEnc DirIVCache } @@ -53,11 +53,11 @@ func NewCryptFS(key []byte, useOpenssl bool, plaintextNames bool) *CryptFS { cipherBS := DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN return &CryptFS{ - blockCipher: b, - gcm: gcm, - plainBS: DEFAULT_PLAINBS, - cipherBS: uint64(cipherBS), - allZeroBlock: make([]byte, cipherBS), + blockCipher: b, + gcm: gcm, + plainBS: DEFAULT_PLAINBS, + cipherBS: uint64(cipherBS), + allZeroBlock: make([]byte, cipherBS), } } diff --git a/cryptfs/cryptfs_content.go b/cryptfs/cryptfs_content.go index cfd488b..25293a7 100644 --- a/cryptfs/cryptfs_content.go +++ b/cryptfs/cryptfs_content.go @@ -86,7 +86,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte } // encryptBlock - Encrypt and add IV and MAC -func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte) []byte { +func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte { // Empty block? if len(plaintext) == 0 { @@ -96,10 +96,12 @@ func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte) // Get fresh nonce nonce := gcmNonce.Get() - // Encrypt plaintext and append to nonce + // Authenticate block with block number and file ID aData := make([]byte, 8) binary.BigEndian.PutUint64(aData, blockNo) - aData = append(aData, fileId...) + aData = append(aData, fileID...) + + // Encrypt plaintext and append to nonce ciphertext := be.gcm.Seal(nonce, nonce, plaintext, aData) return ciphertext diff --git a/cryptfs/gcm_go14.go b/cryptfs/gcm_go14.go index 4629df3..b675b51 100644 --- a/cryptfs/gcm_go14.go +++ b/cryptfs/gcm_go14.go @@ -3,15 +3,15 @@ package cryptfs import ( - "fmt" "crypto/cipher" + "fmt" ) // goGCMWrapper - This wrapper makes sure gocryptfs can be compiled on Go // versions 1.4 and lower that lack NewGCMWithNonceSize(). // 128 bit GCM IVs will not work when using built-in Go crypto, obviously, when // compiled on 1.4. -func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error){ +func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error) { if nonceSize != 12 { Warn.Printf("128 bit GCM IVs are not supported by Go 1.4 and lower.\n") Warn.Printf("Please use openssl crypto or recompile using a newer Go runtime.\n") diff --git a/cryptfs/gcm_go15.go b/cryptfs/gcm_go15.go index 7696437..3a8055e 100644 --- a/cryptfs/gcm_go15.go +++ b/cryptfs/gcm_go15.go @@ -10,6 +10,6 @@ import ( // versions 1.4 and lower that lack NewGCMWithNonceSize(). // 128 bit GCM IVs will not work when using built-in Go crypto, obviously, when // compiled on 1.4. -func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error){ +func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error) { return cipher.NewGCMWithNonceSize(bc, nonceSize) } diff --git a/cryptfs/log.go b/cryptfs/log.go index a7fe579..8a6ace8 100644 --- a/cryptfs/log.go +++ b/cryptfs/log.go @@ -1,9 +1,9 @@ package cryptfs import ( + "encoding/json" "fmt" "strings" - "encoding/json" ) type logChannel struct { diff --git a/cryptfs/nonce.go b/cryptfs/nonce.go index a122ea5..3abfefa 100644 --- a/cryptfs/nonce.go +++ b/cryptfs/nonce.go @@ -1,9 +1,9 @@ package cryptfs import ( - "encoding/binary" "bytes" "crypto/rand" + "encoding/binary" "encoding/hex" "fmt" ) |