From 2b8cbd944149afe51fadddbd67ee4499d1d86250 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 6 Feb 2016 19:20:54 +0100 Subject: Major refactoring: Split up "cryptfs" into several internal packages "git status" for reference: deleted: cryptfs/cryptfs.go deleted: cryptfs/names_core.go modified: integration_tests/cli_test.go modified: integration_tests/helpers.go renamed: cryptfs/config_file.go -> internal/configfile/config_file.go renamed: cryptfs/config_test.go -> internal/configfile/config_test.go renamed: cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore renamed: cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf renamed: cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf renamed: cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf renamed: cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf renamed: cryptfs/kdf.go -> internal/configfile/kdf.go renamed: cryptfs/kdf_test.go -> internal/configfile/kdf_test.go renamed: cryptfs/cryptfs_content.go -> internal/contentenc/content.go new file: internal/contentenc/content_api.go renamed: cryptfs/content_test.go -> internal/contentenc/content_test.go renamed: cryptfs/file_header.go -> internal/contentenc/file_header.go renamed: cryptfs/intrablock.go -> internal/contentenc/intrablock.go renamed: cryptfs/address_translation.go -> internal/contentenc/offsets.go new file: internal/cryptocore/crypto_api.go renamed: cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go renamed: cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go renamed: cryptfs/nonce.go -> internal/cryptocore/nonce.go renamed: cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go renamed: cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash renamed: cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go new file: internal/nametransform/name_api.go new file: internal/nametransform/names_core.go renamed: cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go renamed: cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go renamed: cryptfs/names_test.go -> internal/nametransform/names_test.go new file: internal/nametransform/pad16.go renamed: cryptfs/log.go -> internal/toggledlog/log.go renamed: cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go renamed: cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go modified: main.go modified: masterkey.go modified: pathfs_frontend/file.go modified: pathfs_frontend/file_holes.go modified: pathfs_frontend/fs.go modified: pathfs_frontend/fs_dir.go modified: pathfs_frontend/names.go modified: test.bash --- cryptfs/cryptfs_content.go | 129 --------------------------------------------- 1 file changed, 129 deletions(-) delete mode 100644 cryptfs/cryptfs_content.go (limited to 'cryptfs/cryptfs_content.go') diff --git a/cryptfs/cryptfs_content.go b/cryptfs/cryptfs_content.go deleted file mode 100644 index 2036e58..0000000 --- a/cryptfs/cryptfs_content.go +++ /dev/null @@ -1,129 +0,0 @@ -package cryptfs - -// File content encryption / decryption - -import ( - "bytes" - "crypto/cipher" - "crypto/md5" - "encoding/binary" - "encoding/hex" - "errors" - "os" -) - -// md5sum - debug helper, return md5 hex string -func md5sum(buf []byte) string { - rawHash := md5.Sum(buf) - hash := hex.EncodeToString(rawHash[:]) - return hash -} - -type CryptFile struct { - file *os.File - gcm cipher.AEAD -} - -// DecryptBlocks - Decrypt a number of blocks -func (be *CryptFS) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileId []byte) ([]byte, error) { - cBuf := bytes.NewBuffer(ciphertext) - var err error - var pBuf bytes.Buffer - for cBuf.Len() > 0 { - cBlock := cBuf.Next(int(be.cipherBS)) - var pBlock []byte - pBlock, err = be.DecryptBlock(cBlock, firstBlockNo, fileId) - if err != nil { - break - } - pBuf.Write(pBlock) - firstBlockNo++ - } - return pBuf.Bytes(), err -} - -// DecryptBlock - Verify and decrypt GCM block -// -// Corner case: A full-sized block of all-zero ciphertext bytes is translated -// to an all-zero plaintext block, i.e. file hole passtrough. -func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte) ([]byte, error) { - - // Empty block? - if len(ciphertext) == 0 { - return ciphertext, nil - } - - // All-zero block? - if bytes.Equal(ciphertext, be.allZeroBlock) { - Debug.Printf("DecryptBlock: file hole encountered") - return make([]byte, be.plainBS), nil - } - - if len(ciphertext) < be.gcmIVLen { - Warn.Printf("DecryptBlock: Block is too short: %d bytes", len(ciphertext)) - return nil, errors.New("Block is too short") - } - - // Extract nonce - nonce := ciphertext[:be.gcmIVLen] - ciphertextOrig := ciphertext - ciphertext = ciphertext[be.gcmIVLen:] - - // Decrypt - var plaintext []byte - aData := make([]byte, 8) - aData = append(aData, fileId...) - binary.BigEndian.PutUint64(aData, blockNo) - plaintext, err := be.gcm.Open(plaintext, nonce, ciphertext, aData) - - if err != nil { - Warn.Printf("DecryptBlock: %s, len=%d, md5=%s", err.Error(), len(ciphertextOrig), md5sum(ciphertextOrig)) - Debug.Println(hex.Dump(ciphertextOrig)) - return nil, err - } - - return plaintext, nil -} - -// encryptBlock - Encrypt and add IV and MAC -func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte { - - // Empty block? - if len(plaintext) == 0 { - return plaintext - } - - // Get fresh nonce - nonce := be.gcmIVGen.Get() - - // Authenticate block with block number and file ID - aData := make([]byte, 8) - binary.BigEndian.PutUint64(aData, blockNo) - aData = append(aData, fileID...) - - // Encrypt plaintext and append to nonce - ciphertext := be.gcm.Seal(nonce, nonce, plaintext, aData) - - return ciphertext -} - -// MergeBlocks - Merge newData into oldData at offset -// New block may be bigger than both newData and oldData -func (be *CryptFS) MergeBlocks(oldData []byte, newData []byte, offset int) []byte { - - // Make block of maximum size - out := make([]byte, be.plainBS) - - // Copy old and new data into it - copy(out, oldData) - l := len(newData) - copy(out[offset:offset+l], newData) - - // Crop to length - outLen := len(oldData) - newLen := offset + len(newData) - if outLen < newLen { - outLen = newLen - } - return out[0:outLen] -} -- cgit v1.2.3