libgocryptfs/cryptfs/cryptfs.go

package cryptfs

// CryptFS is the crypto backend of GoCryptFS

import (
	"fmt"
	"crypto/cipher"
	"crypto/aes"
)

const (
	KEY_LEN = 16
	NONCE_LEN = 12
	AUTH_TAG_LEN = 16
	DEFAULT_PLAINBS = 4096
)

type CryptFS struct {
	blockCipher cipher.Block
	gcm cipher.AEAD
	plainBS	uint64
	cipherBS uint64
	// Stores an all-zero block of size cipherBS
	allZeroBlock []byte
}

func NewCryptFS(key []byte, useOpenssl bool) *CryptFS {

	if len(key) != KEY_LEN {
		panic(fmt.Sprintf("Unsupported key length %d", len(key)))
	}

	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}

	var gcm cipher.AEAD
	if useOpenssl {
		var k16 [16]byte
		copy(k16[:], key)
		gcm = opensslGCM{k16}
	} else {
		gcm, err = cipher.NewGCM(b)
		if err != nil {
			panic(err)
		}
	}

	cipherBS := DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN

	return &CryptFS{
		blockCipher: b,
		gcm: gcm,
		plainBS: DEFAULT_PLAINBS,
		cipherBS: uint64(cipherBS),
		allZeroBlock: make([]byte, cipherBS),
	}
}

func (be *CryptFS) PlainBS() uint64 {
	return be.plainBS
}
Split into FS and File 2015-09-03 18:57:28 +02:00			`package cryptfs`
Port from go-fuse to bazil/fuse 2015-09-03 18:22:18 +02:00
Cleanup and rename files 2015-09-05 20:30:20 +02:00			`// CryptFS is the crypto backend of GoCryptFS`

Port from go-fuse to bazil/fuse 2015-09-03 18:22:18 +02:00			`import (`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`"fmt"`
Split into FS and File 2015-09-03 18:57:28 +02:00			`"crypto/cipher"`
			`"crypto/aes"`
Port from go-fuse to bazil/fuse 2015-09-03 18:22:18 +02:00			`)`

Split into FS and File 2015-09-03 18:57:28 +02:00			`const (`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`KEY_LEN = 16`
Split into FS and File 2015-09-03 18:57:28 +02:00			`NONCE_LEN = 12`
			`AUTH_TAG_LEN = 16`
			`DEFAULT_PLAINBS = 4096`
			`)`

Rebase to cluefs https://github.com/airnandez/cluefs 2015-09-04 20:31:06 +02:00			`type CryptFS struct {`
Split into FS and File 2015-09-03 18:57:28 +02:00			`blockCipher cipher.Block`
			`gcm cipher.AEAD`
Fix size reporting 2015-09-05 20:11:20 +02:00			`plainBS uint64`
			`cipherBS uint64`
Implement file hole passtrough Fixes xfstests generic/010 Note that file holes are not authenticated, 2015-10-03 13:34:33 +02:00			`// Stores an all-zero block of size cipherBS`
			`allZeroBlock []byte`
Split into FS and File 2015-09-03 18:57:28 +02:00			`}`

Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`func NewCryptFS(key []byte, useOpenssl bool) *CryptFS {`
Split into FS and File 2015-09-03 18:57:28 +02:00
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`if len(key) != KEY_LEN {`
			`panic(fmt.Sprintf("Unsupported key length %d", len(key)))`
			`}`

			`b, err := aes.NewCipher(key)`
Split into FS and File 2015-09-03 18:57:28 +02:00			`if err != nil {`
			`panic(err)`
			`}`

Add OpenSSL support for file content encryption/decryption This brings streaming read performance from 30MB/s to 81MB/s (similar improvement for writes) 2015-09-06 10:38:43 +02:00			`var gcm cipher.AEAD`
			`if useOpenssl {`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`var k16 [16]byte`
			`copy(k16[:], key)`
			`gcm = opensslGCM{k16}`
Add OpenSSL support for file content encryption/decryption This brings streaming read performance from 30MB/s to 81MB/s (similar improvement for writes) 2015-09-06 10:38:43 +02:00			`} else {`
			`gcm, err = cipher.NewGCM(b)`
			`if err != nil {`
			`panic(err)`
			`}`
Split into FS and File 2015-09-03 18:57:28 +02:00			`}`

Implement file hole passtrough Fixes xfstests generic/010 Note that file holes are not authenticated, 2015-10-03 13:34:33 +02:00			`cipherBS := DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN`

Rebase to cluefs https://github.com/airnandez/cluefs 2015-09-04 20:31:06 +02:00			`return &CryptFS{`
Split into FS and File 2015-09-03 18:57:28 +02:00			`blockCipher: b,`
Add OpenSSL support for file content encryption/decryption This brings streaming read performance from 30MB/s to 81MB/s (similar improvement for writes) 2015-09-06 10:38:43 +02:00			`gcm: gcm,`
Split into FS and File 2015-09-03 18:57:28 +02:00			`plainBS: DEFAULT_PLAINBS,`
Implement file hole passtrough Fixes xfstests generic/010 Note that file holes are not authenticated, 2015-10-03 13:34:33 +02:00			`cipherBS: uint64(cipherBS),`
			`allZeroBlock: make([]byte, cipherBS),`
Split into FS and File 2015-09-03 18:57:28 +02:00			`}`
			`}`

Fix size reporting 2015-09-05 20:11:20 +02:00			`func (be *CryptFS) PlainBS() uint64 {`
Fix write path 2015-09-05 19:07:20 +02:00			`return be.plainBS`
			`}`