aboutsummaryrefslogtreecommitdiff
path: root/internal/contentenc/content.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/contentenc/content.go')
-rw-r--r--internal/contentenc/content.go27
1 files changed, 17 insertions, 10 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index ac2e8de..dd3b77a 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -11,21 +11,28 @@ import (
"github.com/rfjakob/gocryptfs/internal/tlog"
)
+// NonceMode determines how nonces are created.
type NonceMode int
const (
- // Default plaintext block size
+ // DefaultBS is the default plaintext block size
DefaultBS = 4096
+ // DefaultIVBits is the default length of IV, in bits.
// We always use 128-bit IVs for file content, but the
// key in the config file is encrypted with a 96-bit IV.
DefaultIVBits = 128
- _ = iota // skip zero
- RandomNonce NonceMode = iota
+ _ = iota // skip zero
+ // RandomNonce chooses a random nonce.
+ RandomNonce NonceMode = iota
+ // ReverseDeterministicNonce chooses a deterministic nonce, suitable for
+ // use in reverse mode.
ReverseDeterministicNonce NonceMode = iota
- ExternalNonce NonceMode = iota
+ // ExternalNonce derives a nonce from external sources.
+ ExternalNonce NonceMode = iota
)
+// ContentEnc is used to encipher and decipher file content.
type ContentEnc struct {
// Cryptographic primitives
cryptoCore *cryptocore.CryptoCore
@@ -39,8 +46,8 @@ type ContentEnc struct {
allZeroNonce []byte
}
+// New returns an initialized ContentEnc instance.
func New(cc *cryptocore.CryptoCore, plainBS uint64) *ContentEnc {
-
cipherBS := plainBS + uint64(cc.IVLen) + cryptocore.AuthTagLen
return &ContentEnc{
@@ -62,16 +69,16 @@ func (be *ContentEnc) CipherBS() uint64 {
return be.cipherBS
}
-// DecryptBlocks - Decrypt a number of blocks
+// DecryptBlocks decrypts a number of blocks
// TODO refactor to three-param for
-func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileId []byte) ([]byte, error) {
+func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileID []byte) ([]byte, error) {
cBuf := bytes.NewBuffer(ciphertext)
var err error
var pBuf bytes.Buffer
for cBuf.Len() > 0 {
cBlock := cBuf.Next(int(be.cipherBS))
var pBlock []byte
- pBlock, err = be.DecryptBlock(cBlock, firstBlockNo, fileId)
+ pBlock, err = be.DecryptBlock(cBlock, firstBlockNo, fileID)
if err != nil {
break
}
@@ -85,7 +92,7 @@ func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, file
//
// Corner case: A full-sized block of all-zero ciphertext bytes is translated
// to an all-zero plaintext block, i.e. file hole passtrough.
-func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte) ([]byte, error) {
+func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []byte) ([]byte, error) {
// Empty block?
if len(ciphertext) == 0 {
@@ -114,7 +121,7 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []b
// Decrypt
var plaintext []byte
aData := make([]byte, 8)
- aData = append(aData, fileId...)
+ aData = append(aData, fileID...)
binary.BigEndian.PutUint64(aData, blockNo)
plaintext, err := be.cryptoCore.AEADCipher.Open(plaintext, nonce, ciphertext, aData)