2015-09-03 18:57:28 +02:00
|
|
|
package cryptfs
|
2015-09-03 18:22:18 +02:00
|
|
|
|
2015-09-05 20:30:20 +02:00
|
|
|
// CryptFS is the crypto backend of GoCryptFS
|
|
|
|
|
2015-09-03 18:22:18 +02:00
|
|
|
import (
|
2015-09-03 18:57:28 +02:00
|
|
|
"crypto/aes"
|
2015-10-04 14:36:20 +02:00
|
|
|
"crypto/cipher"
|
|
|
|
"fmt"
|
2015-09-03 18:22:18 +02:00
|
|
|
)
|
|
|
|
|
2015-09-03 18:57:28 +02:00
|
|
|
const (
|
2015-10-06 00:29:08 +02:00
|
|
|
DEFAULT_PLAINBS = 4096
|
2015-10-06 20:51:35 +02:00
|
|
|
KEY_LEN = 32 // AES-256
|
2015-10-04 14:36:20 +02:00
|
|
|
NONCE_LEN = 12
|
|
|
|
AUTH_TAG_LEN = 16
|
2015-11-01 12:11:36 +01:00
|
|
|
BLOCK_OVERHEAD = NONCE_LEN + AUTH_TAG_LEN
|
2015-11-25 19:30:32 +01:00
|
|
|
DIRIV_LEN = 16 // identical to AES block size
|
|
|
|
DIRIV_FILENAME = "gocryptfs.diriv"
|
2015-09-03 18:57:28 +02:00
|
|
|
)
|
|
|
|
|
2015-09-04 20:31:06 +02:00
|
|
|
type CryptFS struct {
|
2015-09-03 18:57:28 +02:00
|
|
|
blockCipher cipher.Block
|
2015-10-04 14:36:20 +02:00
|
|
|
gcm cipher.AEAD
|
|
|
|
plainBS uint64
|
|
|
|
cipherBS uint64
|
2015-10-03 13:34:33 +02:00
|
|
|
// Stores an all-zero block of size cipherBS
|
2015-11-03 00:06:04 +01:00
|
|
|
allZeroBlock []byte
|
2015-11-03 00:00:13 +01:00
|
|
|
plaintextNames bool
|
2015-11-29 21:41:38 +01:00
|
|
|
// DirIV cache for filename encryption
|
|
|
|
DirIVCacheEnc DirIVCache
|
2015-09-03 18:57:28 +02:00
|
|
|
}
|
|
|
|
|
2015-11-03 00:00:13 +01:00
|
|
|
func NewCryptFS(key []byte, useOpenssl bool, plaintextNames bool) *CryptFS {
|
2015-09-03 18:57:28 +02:00
|
|
|
|
2015-09-13 21:47:18 +02:00
|
|
|
if len(key) != KEY_LEN {
|
|
|
|
panic(fmt.Sprintf("Unsupported key length %d", len(key)))
|
|
|
|
}
|
|
|
|
|
|
|
|
b, err := aes.NewCipher(key)
|
2015-09-03 18:57:28 +02:00
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
2015-09-06 10:38:43 +02:00
|
|
|
var gcm cipher.AEAD
|
|
|
|
if useOpenssl {
|
2015-10-06 20:51:35 +02:00
|
|
|
gcm = opensslGCM{key}
|
2015-09-06 10:38:43 +02:00
|
|
|
} else {
|
|
|
|
gcm, err = cipher.NewGCM(b)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
2015-09-03 18:57:28 +02:00
|
|
|
}
|
|
|
|
|
2015-10-03 13:34:33 +02:00
|
|
|
cipherBS := DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN
|
|
|
|
|
2015-09-04 20:31:06 +02:00
|
|
|
return &CryptFS{
|
2015-11-03 00:06:04 +01:00
|
|
|
blockCipher: b,
|
|
|
|
gcm: gcm,
|
|
|
|
plainBS: DEFAULT_PLAINBS,
|
|
|
|
cipherBS: uint64(cipherBS),
|
|
|
|
allZeroBlock: make([]byte, cipherBS),
|
2015-11-03 00:00:13 +01:00
|
|
|
plaintextNames: plaintextNames,
|
2015-09-03 18:57:28 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-10-03 13:36:49 +02:00
|
|
|
// Get plaintext block size
|
2015-09-05 20:11:20 +02:00
|
|
|
func (be *CryptFS) PlainBS() uint64 {
|
2015-09-05 19:07:20 +02:00
|
|
|
return be.plainBS
|
|
|
|
}
|