From abaa12992ce9d59c94a8530237dfaa4ebe6063f0 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Mon, 23 Aug 2021 22:19:30 +0200 Subject: xray: add xchacha support Also use the new cryptocore algo names. --- gocryptfs-xray/xray_main.go | 72 +++++++++++++++------------- gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt | 2 +- gocryptfs-xray/xray_tests/aessiv_fs.xray.txt | 2 +- 3 files changed, 41 insertions(+), 35 deletions(-) diff --git a/gocryptfs-xray/xray_main.go b/gocryptfs-xray/xray_main.go index ffcd239..8abd008 100644 --- a/gocryptfs-xray/xray_main.go +++ b/gocryptfs-xray/xray_main.go @@ -24,26 +24,22 @@ var GitVersion = "[GitVersion not set - please compile using ./build.bash]" var BuildDate = "0000-00-00" const ( - ivLen = contentenc.DefaultIVBits / 8 - authTagLen = cryptocore.AuthTagLen - blockSize = contentenc.DefaultBS + ivLen + cryptocore.AuthTagLen - myName = "gocryptfs-xray" + myName = "gocryptfs-xray" ) +// blockSize is the ciphertext block size including overheads +func blockSize(alg cryptocore.AEADTypeEnum) int { + return alg.NonceSize + contentenc.DefaultBS + cryptocore.AuthTagLen +} + func errExit(err error) { fmt.Println(err) os.Exit(1) } -func prettyPrintHeader(h *contentenc.FileHeader, aessiv bool) { +func prettyPrintHeader(h *contentenc.FileHeader, algo cryptocore.AEADTypeEnum) { id := hex.EncodeToString(h.ID) - msg := "Header: Version: %d, Id: %s" - if aessiv { - msg += ", assuming AES-SIV mode" - } else { - msg += ", assuming AES-GCM mode" - } - fmt.Printf(msg+"\n", h.Version, id) + fmt.Printf("Header: Version: %d, Id: %s, assuming %s mode\n", h.Version, id, algo.Name) } // printVersion prints a version string like this: @@ -79,21 +75,25 @@ func sum(x ...*bool) (s int) { return s } +type argContainer struct { + dumpmasterkey *bool + decryptPaths *bool + encryptPaths *bool + aessiv *bool + xchacha *bool + sep0 *bool + fido2 *string + version *bool +} + func main() { - var args struct { - dumpmasterkey *bool - decryptPaths *bool - encryptPaths *bool - aessiv *bool - sep0 *bool - fido2 *string - version *bool - } + var args argContainer args.dumpmasterkey = flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key") args.decryptPaths = flag.Bool("decrypt-paths", false, "Decrypt file paths using gocryptfs control socket") args.encryptPaths = flag.Bool("encrypt-paths", false, "Encrypt file paths using gocryptfs control socket") args.sep0 = flag.Bool("0", false, "Use \\0 instead of \\n as separator") args.aessiv = flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM") + args.xchacha = flag.Bool("xchacha", false, "Assume XChaCha20-Poly1305 mode instead of AES-GCM") args.fido2 = flag.String("fido2", "", "Protect the masterkey using a FIDO2 token instead of a password") args.version = flag.Bool("version", false, "Print version information") @@ -121,15 +121,15 @@ func main() { if *args.encryptPaths { encryptPaths(fn, *args.sep0) } - fd, err := os.Open(fn) + f, err := os.Open(fn) if err != nil { errExit(err) } - defer fd.Close() + defer f.Close() if *args.dumpmasterkey { dumpMasterKey(fn, *args.fido2) } else { - inspectCiphertext(fd, *args.aessiv) + inspectCiphertext(&args, f) } } @@ -166,7 +166,13 @@ func dumpMasterKey(fn string, fido2Path string) { } } -func inspectCiphertext(fd *os.File, aessiv bool) { +func inspectCiphertext(args *argContainer, fd *os.File) { + algo := cryptocore.BackendGoGCM + if *args.aessiv { + algo = cryptocore.BackendAESSIV + } else if *args.xchacha { + algo = cryptocore.BackendXChaCha20Poly1305 + } headerBytes := make([]byte, contentenc.HeaderLen) n, err := fd.ReadAt(headerBytes, 0) if err == io.EOF && n == 0 { @@ -182,11 +188,11 @@ func inspectCiphertext(fd *os.File, aessiv bool) { if err != nil { errExit(err) } - prettyPrintHeader(header, aessiv) + prettyPrintHeader(header, algo) var i int64 - buf := make([]byte, blockSize) + buf := make([]byte, blockSize(algo)) for i = 0; ; i++ { - off := contentenc.HeaderLen + i*blockSize + off := contentenc.HeaderLen + i*int64(blockSize(algo)) n, err := fd.ReadAt(buf, off) if err != nil && err != io.EOF { errExit(err) @@ -195,15 +201,15 @@ func inspectCiphertext(fd *os.File, aessiv bool) { break } // A block contains at least the IV, the Auth Tag and 1 data byte - if n < ivLen+authTagLen+1 { + if n < algo.NonceSize+cryptocore.AuthTagLen+1 { errExit(fmt.Errorf("corrupt block: truncated data, len=%d", n)) } data := buf[:n] // Parse block data - iv := data[:ivLen] - tag := data[len(data)-authTagLen:] - if aessiv { - tag = data[ivLen : ivLen+authTagLen] + iv := data[:algo.NonceSize] + tag := data[len(data)-cryptocore.AuthTagLen:] + if *args.aessiv { + tag = data[algo.NonceSize : algo.NonceSize+cryptocore.AuthTagLen] } fmt.Printf("Block %2d: IV: %s, Tag: %s, Offset: %5d Len: %d\n", i, hex.EncodeToString(iv), hex.EncodeToString(tag), off, len(data)) diff --git a/gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt b/gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt index c403b75..386095c 100644 --- a/gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt +++ b/gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt @@ -1,3 +1,3 @@ -Header: Version: 2, Id: 8932adf303fe0289679d47fa84d2b241, assuming AES-GCM mode +Header: Version: 2, Id: 8932adf303fe0289679d47fa84d2b241, assuming AES-GCM-256-Go mode Block 0: IV: c8536b4bfd92f5dc3c1e2ac29f116d4a, Tag: 22b20422749b2f4bba67ec7d3bb1ac34, Offset: 18 Len: 4128 Block 1: IV: 2de68f4965779bb137ef2b3c20453556, Tag: 3e8758d6872234b1fffab2504e623467, Offset: 4146 Len: 936 diff --git a/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt b/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt index 37d6ebb..481b22a 100644 --- a/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt +++ b/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt @@ -1,3 +1,3 @@ -Header: Version: 2, Id: d839806747918e345633fcdd0988e67c, assuming AES-SIV mode +Header: Version: 2, Id: d839806747918e345633fcdd0988e67c, assuming AES-SIV-512-Go mode Block 0: IV: 1d3ce2b13260f83766ccf9a670478a4b, Tag: 0b6f95bd523b4c93704e15ecc6bef8e7, Offset: 18 Len: 4128 Block 1: IV: 7eb947d2adf18adf3bed39bbc8052968, Tag: 1a272903e5a987f53f07344840387c20, Offset: 4146 Len: 936 -- cgit v1.2.3