2015-09-05 20:30:20 +02:00
|
|
|
package cryptfs
|
|
|
|
|
|
|
|
// File content encryption / decryption
|
|
|
|
|
|
|
|
import (
|
2015-09-06 09:47:01 +02:00
|
|
|
"bytes"
|
2015-09-05 20:30:20 +02:00
|
|
|
"crypto/cipher"
|
2015-10-03 13:36:49 +02:00
|
|
|
"crypto/md5"
|
2015-10-07 22:58:22 +02:00
|
|
|
"encoding/binary"
|
2015-10-03 13:36:49 +02:00
|
|
|
"encoding/hex"
|
2015-10-04 14:36:20 +02:00
|
|
|
"errors"
|
|
|
|
"os"
|
2015-09-05 20:30:20 +02:00
|
|
|
)
|
|
|
|
|
2015-10-03 13:36:49 +02:00
|
|
|
// md5sum - debug helper, return md5 hex string
|
|
|
|
func md5sum(buf []byte) string {
|
|
|
|
rawHash := md5.Sum(buf)
|
|
|
|
hash := hex.EncodeToString(rawHash[:])
|
|
|
|
return hash
|
|
|
|
}
|
|
|
|
|
2015-09-05 20:30:20 +02:00
|
|
|
type CryptFile struct {
|
|
|
|
file *os.File
|
2015-10-04 14:36:20 +02:00
|
|
|
gcm cipher.AEAD
|
2015-09-05 20:30:20 +02:00
|
|
|
}
|
|
|
|
|
2015-09-06 09:47:01 +02:00
|
|
|
// DecryptBlocks - Decrypt a number of blocks
|
2015-11-01 01:32:33 +01:00
|
|
|
func (be *CryptFS) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileId []byte) ([]byte, error) {
|
2015-09-06 09:47:01 +02:00
|
|
|
cBuf := bytes.NewBuffer(ciphertext)
|
|
|
|
var err error
|
|
|
|
var pBuf bytes.Buffer
|
|
|
|
for cBuf.Len() > 0 {
|
|
|
|
cBlock := cBuf.Next(int(be.cipherBS))
|
2015-09-30 20:31:41 +02:00
|
|
|
var pBlock []byte
|
2015-11-01 01:32:33 +01:00
|
|
|
pBlock, err = be.DecryptBlock(cBlock, firstBlockNo, fileId)
|
2015-09-06 09:47:01 +02:00
|
|
|
if err != nil {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
pBuf.Write(pBlock)
|
2015-10-06 22:27:37 +02:00
|
|
|
firstBlockNo++
|
2015-09-06 09:47:01 +02:00
|
|
|
}
|
|
|
|
return pBuf.Bytes(), err
|
|
|
|
}
|
|
|
|
|
|
|
|
// DecryptBlock - Verify and decrypt GCM block
|
2015-10-03 13:34:33 +02:00
|
|
|
//
|
|
|
|
// Corner case: A full-sized block of all-zero ciphertext bytes is translated
|
|
|
|
// to an all-zero plaintext block, i.e. file hole passtrough.
|
2015-11-01 01:32:33 +01:00
|
|
|
func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte) ([]byte, error) {
|
2015-09-05 20:30:20 +02:00
|
|
|
|
|
|
|
// Empty block?
|
|
|
|
if len(ciphertext) == 0 {
|
|
|
|
return ciphertext, nil
|
|
|
|
}
|
|
|
|
|
2015-10-03 13:34:33 +02:00
|
|
|
// All-zero block?
|
|
|
|
if bytes.Equal(ciphertext, be.allZeroBlock) {
|
|
|
|
Debug.Printf("DecryptBlock: file hole encountered\n")
|
|
|
|
return make([]byte, be.plainBS), nil
|
|
|
|
}
|
|
|
|
|
2015-12-19 14:41:39 +01:00
|
|
|
if len(ciphertext) < be.gcmIVLen {
|
2015-11-03 21:05:47 +01:00
|
|
|
Warn.Printf("DecryptBlock: Block is too short: %d bytes\n", len(ciphertext))
|
2015-09-05 20:30:20 +02:00
|
|
|
return nil, errors.New("Block is too short")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Extract nonce
|
2015-12-19 14:41:39 +01:00
|
|
|
nonce := ciphertext[:be.gcmIVLen]
|
2015-10-03 13:36:49 +02:00
|
|
|
ciphertextOrig := ciphertext
|
2015-12-19 14:41:39 +01:00
|
|
|
ciphertext = ciphertext[be.gcmIVLen:]
|
2015-09-05 20:30:20 +02:00
|
|
|
|
|
|
|
// Decrypt
|
|
|
|
var plaintext []byte
|
2015-10-06 22:27:37 +02:00
|
|
|
aData := make([]byte, 8)
|
2015-11-01 01:32:33 +01:00
|
|
|
aData = append(aData, fileId...)
|
2015-10-06 22:27:37 +02:00
|
|
|
binary.BigEndian.PutUint64(aData, blockNo)
|
2015-10-20 20:26:52 +02:00
|
|
|
plaintext, err := be.gcm.Open(plaintext, nonce, ciphertext, aData)
|
2015-09-06 10:38:43 +02:00
|
|
|
|
2015-09-05 20:30:20 +02:00
|
|
|
if err != nil {
|
2015-10-03 13:36:49 +02:00
|
|
|
Warn.Printf("DecryptBlock: %s, len=%d, md5=%s\n", err.Error(), len(ciphertextOrig), Warn.Md5sum(ciphertextOrig))
|
2015-10-04 00:26:20 +02:00
|
|
|
Debug.Println(hex.Dump(ciphertextOrig))
|
2015-09-05 20:30:20 +02:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return plaintext, nil
|
|
|
|
}
|
|
|
|
|
2015-11-01 01:32:33 +01:00
|
|
|
// encryptBlock - Encrypt and add IV and MAC
|
2015-12-13 20:10:52 +01:00
|
|
|
func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte {
|
2015-09-05 20:30:20 +02:00
|
|
|
|
|
|
|
// Empty block?
|
|
|
|
if len(plaintext) == 0 {
|
|
|
|
return plaintext
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get fresh nonce
|
2015-12-19 14:41:39 +01:00
|
|
|
nonce := be.gcmIVGen.Get()
|
2015-09-05 20:30:20 +02:00
|
|
|
|
2015-12-13 20:10:52 +01:00
|
|
|
// Authenticate block with block number and file ID
|
2015-10-06 22:27:37 +02:00
|
|
|
aData := make([]byte, 8)
|
|
|
|
binary.BigEndian.PutUint64(aData, blockNo)
|
2015-12-13 20:10:52 +01:00
|
|
|
aData = append(aData, fileID...)
|
|
|
|
|
|
|
|
// Encrypt plaintext and append to nonce
|
2015-10-20 20:26:52 +02:00
|
|
|
ciphertext := be.gcm.Seal(nonce, nonce, plaintext, aData)
|
2015-09-05 20:30:20 +02:00
|
|
|
|
|
|
|
return ciphertext
|
|
|
|
}
|
|
|
|
|
2015-09-08 00:54:24 +02:00
|
|
|
// MergeBlocks - Merge newData into oldData at offset
|
|
|
|
// New block may be bigger than both newData and oldData
|
|
|
|
func (be *CryptFS) MergeBlocks(oldData []byte, newData []byte, offset int) []byte {
|
|
|
|
|
|
|
|
// Make block of maximum size
|
|
|
|
out := make([]byte, be.plainBS)
|
|
|
|
|
|
|
|
// Copy old and new data into it
|
|
|
|
copy(out, oldData)
|
|
|
|
l := len(newData)
|
2015-10-04 14:36:20 +02:00
|
|
|
copy(out[offset:offset+l], newData)
|
2015-09-08 00:54:24 +02:00
|
|
|
|
|
|
|
// Crop to length
|
|
|
|
outLen := len(oldData)
|
|
|
|
newLen := offset + len(newData)
|
|
|
|
if outLen < newLen {
|
|
|
|
outLen = newLen
|
|
|
|
}
|
|
|
|
return out[0:outLen]
|
|
|
|
}
|