libgocryptfs/cryptfs/cryptfs.go

package cryptfs

// CryptFS is the crypto backend of GoCryptFS

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

const (
	DEFAULT_PLAINBS = 4096
	KEY_LEN         = 32 // AES-256
	AUTH_TAG_LEN    = 16
	DIRIV_LEN       = 16 // identical to AES block size
	DIRIV_FILENAME  = "gocryptfs.diriv"
)

type CryptFS struct {
	blockCipher cipher.Block
	gcm         cipher.AEAD
	gcmIVLen    int
	gcmIVGen    nonceGenerator
	plainBS     uint64
	cipherBS    uint64
	// Stores an all-zero block of size cipherBS
	allZeroBlock []byte
	// DirIV cache for filename encryption
	DirIVCacheEnc DirIVCache
}

func NewCryptFS(key []byte, useOpenssl bool, plaintextNames bool, GCMIV128 bool) *CryptFS {

	if len(key) != KEY_LEN {
		panic(fmt.Sprintf("Unsupported key length %d", len(key)))
	}

	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}

	// We want the IV size in bytes
	gcmIV := 96 / 8
	if GCMIV128 {
		gcmIV = 128 / 8
	}

	var gcm cipher.AEAD
	if useOpenssl {
		gcm = opensslGCM{key}
	} else {
		gcm, err = cipher.NewGCMWithNonceSize(b, gcmIV)
		if err != nil {
			panic(err)
		}
	}

	plainBS := DEFAULT_PLAINBS
	cipherBS := plainBS + gcmIV + AUTH_TAG_LEN

	return &CryptFS{
		blockCipher:  b,
		gcm:          gcm,
		gcmIVLen:     gcmIV,
		gcmIVGen:     nonceGenerator{nonceLen: gcmIV},
		plainBS:      uint64(plainBS),
		cipherBS:     uint64(cipherBS),
		allZeroBlock: make([]byte, cipherBS),
	}
}

// Get plaintext block size
func (be *CryptFS) PlainBS() uint64 {
	return be.plainBS
}

// Per-block storage overhead
func (be *CryptFS) BlockOverhead() uint64 {
	return be.cipherBS - be.plainBS
}
Split into FS and File 2015-09-03 18:57:28 +02:00			`package cryptfs`
Port from go-fuse to bazil/fuse 2015-09-03 18:22:18 +02:00
Cleanup and rename files 2015-09-05 20:30:20 +02:00			`// CryptFS is the crypto backend of GoCryptFS`

Port from go-fuse to bazil/fuse 2015-09-03 18:22:18 +02:00			`import (`
Split into FS and File 2015-09-03 18:57:28 +02:00			`"crypto/aes"`
Run go fmt 2015-10-04 14:36:20 +02:00			`"crypto/cipher"`
			`"fmt"`
Port from go-fuse to bazil/fuse 2015-09-03 18:22:18 +02:00			`)`

Split into FS and File 2015-09-03 18:57:28 +02:00			`const (`
Implement proper daemonization The shell wrapper sends gocryptfs into the background and waits for SIGUSR1 2015-10-06 00:29:08 +02:00			`DEFAULT_PLAINBS = 4096`
Switch to AES-256 AES-256 seems to be becoming the industry standard. While AES-128 is good enough for tens of years to come, let's follow suit and be extra safe. 2015-10-06 20:51:35 +02:00			`KEY_LEN = 32 // AES-256`
Run go fmt 2015-10-04 14:36:20 +02:00			`AUTH_TAG_LEN = 16`
diriv: Create gocryptfs.diriv in every directory 2015-11-25 19:30:32 +01:00			`DIRIV_LEN = 16 // identical to AES block size`
			`DIRIV_FILENAME = "gocryptfs.diriv"`
Split into FS and File 2015-09-03 18:57:28 +02:00			`)`

Rebase to cluefs https://github.com/airnandez/cluefs 2015-09-04 20:31:06 +02:00			`type CryptFS struct {`
Split into FS and File 2015-09-03 18:57:28 +02:00			`blockCipher cipher.Block`
Run go fmt 2015-10-04 14:36:20 +02:00			`gcm cipher.AEAD`
Increase GCM IV size from 96 to 128 bits This pushes back the birthday bound for collisions to make it virtually irrelevant. 2015-12-19 14:41:39 +01:00			`gcmIVLen int`
			`gcmIVGen nonceGenerator`
Run go fmt 2015-10-04 14:36:20 +02:00			`plainBS uint64`
			`cipherBS uint64`
Implement file hole passtrough Fixes xfstests generic/010 Note that file holes are not authenticated, 2015-10-03 13:34:33 +02:00			`// Stores an all-zero block of size cipherBS`
go fmt ...and minimal comment changes. 2015-12-13 20:10:52 +01:00			`allZeroBlock []byte`
Add single-element cache for DirIV lookup Another 3x performance boost for applications that walk the directory tree. Excerpt from performance.txt: VERSION UNTAR LS RM v0.4 48 1.5 5 v0.5-rc1 56 7 19 v0.5-rc1-1 54 4.1 9 v0.5-rc1-2 45 1.7 3.4 <---- THIS VERSION 2015-11-29 21:41:38 +01:00			`// DirIV cache for filename encryption`
			`DirIVCacheEnc DirIVCache`
Split into FS and File 2015-09-03 18:57:28 +02:00			`}`

Increase GCM IV size from 96 to 128 bits This pushes back the birthday bound for collisions to make it virtually irrelevant. 2015-12-19 14:41:39 +01:00			`func NewCryptFS(key []byte, useOpenssl bool, plaintextNames bool, GCMIV128 bool) *CryptFS {`
Split into FS and File 2015-09-03 18:57:28 +02:00
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`if len(key) != KEY_LEN {`
			`panic(fmt.Sprintf("Unsupported key length %d", len(key)))`
			`}`

			`b, err := aes.NewCipher(key)`
Split into FS and File 2015-09-03 18:57:28 +02:00			`if err != nil {`
			`panic(err)`
			`}`

Increase GCM IV size from 96 to 128 bits This pushes back the birthday bound for collisions to make it virtually irrelevant. 2015-12-19 14:41:39 +01:00			`// We want the IV size in bytes`
			`gcmIV := 96 / 8`
			`if GCMIV128 {`
			`gcmIV = 128 / 8`
			`}`

Add OpenSSL support for file content encryption/decryption This brings streaming read performance from 30MB/s to 81MB/s (similar improvement for writes) 2015-09-06 10:38:43 +02:00			`var gcm cipher.AEAD`
			`if useOpenssl {`
Switch to AES-256 AES-256 seems to be becoming the industry standard. While AES-128 is good enough for tens of years to come, let's follow suit and be extra safe. 2015-10-06 20:51:35 +02:00			`gcm = opensslGCM{key}`
Add OpenSSL support for file content encryption/decryption This brings streaming read performance from 30MB/s to 81MB/s (similar improvement for writes) 2015-09-06 10:38:43 +02:00			`} else {`
Increase GCM IV size from 96 to 128 bits This pushes back the birthday bound for collisions to make it virtually irrelevant. 2015-12-19 14:41:39 +01:00			`gcm, err = cipher.NewGCMWithNonceSize(b, gcmIV)`
Add OpenSSL support for file content encryption/decryption This brings streaming read performance from 30MB/s to 81MB/s (similar improvement for writes) 2015-09-06 10:38:43 +02:00			`if err != nil {`
			`panic(err)`
			`}`
Split into FS and File 2015-09-03 18:57:28 +02:00			`}`

Increase GCM IV size from 96 to 128 bits This pushes back the birthday bound for collisions to make it virtually irrelevant. 2015-12-19 14:41:39 +01:00			`plainBS := DEFAULT_PLAINBS`
			`cipherBS := plainBS + gcmIV + AUTH_TAG_LEN`
Implement file hole passtrough Fixes xfstests generic/010 Note that file holes are not authenticated, 2015-10-03 13:34:33 +02:00
Rebase to cluefs https://github.com/airnandez/cluefs 2015-09-04 20:31:06 +02:00			`return &CryptFS{`
go fmt ...and minimal comment changes. 2015-12-13 20:10:52 +01:00			`blockCipher: b,`
			`gcm: gcm,`
Increase GCM IV size from 96 to 128 bits This pushes back the birthday bound for collisions to make it virtually irrelevant. 2015-12-19 14:41:39 +01:00			`gcmIVLen: gcmIV,`
			`gcmIVGen: nonceGenerator{nonceLen: gcmIV},`
			`plainBS: uint64(plainBS),`
go fmt ...and minimal comment changes. 2015-12-13 20:10:52 +01:00			`cipherBS: uint64(cipherBS),`
			`allZeroBlock: make([]byte, cipherBS),`
Split into FS and File 2015-09-03 18:57:28 +02:00			`}`
			`}`

debug: log inode number instead of encrypted filename Makes the log output smaller and more readable. 2015-10-03 13:36:49 +02:00			`// Get plaintext block size`
Fix size reporting 2015-09-05 20:11:20 +02:00			`func (be *CryptFS) PlainBS() uint64 {`
Fix write path 2015-09-05 19:07:20 +02:00			`return be.plainBS`
			`}`
Increase GCM IV size from 96 to 128 bits This pushes back the birthday bound for collisions to make it virtually irrelevant. 2015-12-19 14:41:39 +01:00
			`// Per-block storage overhead`
			`func (be *CryptFS) BlockOverhead() uint64 {`
			`return be.cipherBS - be.plainBS`
			`}`