2016-02-06 19:20:54 +01:00
|
|
|
package contentenc
|
2015-09-05 20:30:20 +02:00
|
|
|
|
|
|
|
// File content encryption / decryption
|
|
|
|
|
|
|
|
import (
|
2016-02-06 19:20:54 +01:00
|
|
|
"bytes"
|
2016-02-06 20:23:36 +01:00
|
|
|
"encoding/binary"
|
2015-10-03 13:36:49 +02:00
|
|
|
"encoding/hex"
|
2015-10-04 14:36:20 +02:00
|
|
|
"errors"
|
2015-09-05 20:30:20 +02:00
|
|
|
|
2016-02-06 19:20:54 +01:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/toggledlog"
|
|
|
|
)
|
2015-09-05 20:30:20 +02:00
|
|
|
|
2015-09-06 09:47:01 +02:00
|
|
|
// DecryptBlocks - Decrypt a number of blocks
|
2016-02-06 19:20:54 +01:00
|
|
|
func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileId []byte) ([]byte, error) {
|
2015-09-06 09:47:01 +02:00
|
|
|
cBuf := bytes.NewBuffer(ciphertext)
|
|
|
|
var err error
|
|
|
|
var pBuf bytes.Buffer
|
|
|
|
for cBuf.Len() > 0 {
|
|
|
|
cBlock := cBuf.Next(int(be.cipherBS))
|
2015-09-30 20:31:41 +02:00
|
|
|
var pBlock []byte
|
2015-11-01 01:32:33 +01:00
|
|
|
pBlock, err = be.DecryptBlock(cBlock, firstBlockNo, fileId)
|
2015-09-06 09:47:01 +02:00
|
|
|
if err != nil {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
pBuf.Write(pBlock)
|
2015-10-06 22:27:37 +02:00
|
|
|
firstBlockNo++
|
2015-09-06 09:47:01 +02:00
|
|
|
}
|
|
|
|
return pBuf.Bytes(), err
|
|
|
|
}
|
|
|
|
|
|
|
|
// DecryptBlock - Verify and decrypt GCM block
|
2015-10-03 13:34:33 +02:00
|
|
|
//
|
|
|
|
// Corner case: A full-sized block of all-zero ciphertext bytes is translated
|
|
|
|
// to an all-zero plaintext block, i.e. file hole passtrough.
|
2016-02-06 19:20:54 +01:00
|
|
|
func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte) ([]byte, error) {
|
2015-09-05 20:30:20 +02:00
|
|
|
|
|
|
|
// Empty block?
|
|
|
|
if len(ciphertext) == 0 {
|
|
|
|
return ciphertext, nil
|
|
|
|
}
|
|
|
|
|
2015-10-03 13:34:33 +02:00
|
|
|
// All-zero block?
|
|
|
|
if bytes.Equal(ciphertext, be.allZeroBlock) {
|
2016-02-06 19:20:54 +01:00
|
|
|
toggledlog.Debug.Printf("DecryptBlock: file hole encountered")
|
2015-10-03 13:34:33 +02:00
|
|
|
return make([]byte, be.plainBS), nil
|
|
|
|
}
|
|
|
|
|
2016-02-06 19:20:54 +01:00
|
|
|
if len(ciphertext) < be.cryptoCore.IVLen {
|
|
|
|
toggledlog.Warn.Printf("DecryptBlock: Block is too short: %d bytes", len(ciphertext))
|
2015-09-05 20:30:20 +02:00
|
|
|
return nil, errors.New("Block is too short")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Extract nonce
|
2016-02-06 19:20:54 +01:00
|
|
|
nonce := ciphertext[:be.cryptoCore.IVLen]
|
2015-10-03 13:36:49 +02:00
|
|
|
ciphertextOrig := ciphertext
|
2016-02-06 19:20:54 +01:00
|
|
|
ciphertext = ciphertext[be.cryptoCore.IVLen:]
|
2015-09-05 20:30:20 +02:00
|
|
|
|
|
|
|
// Decrypt
|
|
|
|
var plaintext []byte
|
2015-10-06 22:27:37 +02:00
|
|
|
aData := make([]byte, 8)
|
2015-11-01 01:32:33 +01:00
|
|
|
aData = append(aData, fileId...)
|
2015-10-06 22:27:37 +02:00
|
|
|
binary.BigEndian.PutUint64(aData, blockNo)
|
2016-02-06 19:20:54 +01:00
|
|
|
plaintext, err := be.cryptoCore.Gcm.Open(plaintext, nonce, ciphertext, aData)
|
2015-09-06 10:38:43 +02:00
|
|
|
|
2015-09-05 20:30:20 +02:00
|
|
|
if err != nil {
|
2016-02-06 19:20:54 +01:00
|
|
|
toggledlog.Warn.Printf("DecryptBlock: %s, len=%d", err.Error(), len(ciphertextOrig))
|
|
|
|
toggledlog.Debug.Println(hex.Dump(ciphertextOrig))
|
2015-09-05 20:30:20 +02:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return plaintext, nil
|
|
|
|
}
|
|
|
|
|
2015-11-01 01:32:33 +01:00
|
|
|
// encryptBlock - Encrypt and add IV and MAC
|
2016-02-06 19:20:54 +01:00
|
|
|
func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte {
|
2015-09-05 20:30:20 +02:00
|
|
|
|
|
|
|
// Empty block?
|
|
|
|
if len(plaintext) == 0 {
|
|
|
|
return plaintext
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get fresh nonce
|
2016-02-06 19:20:54 +01:00
|
|
|
nonce := be.cryptoCore.GcmIVGen.Get()
|
2015-09-05 20:30:20 +02:00
|
|
|
|
2015-12-13 20:10:52 +01:00
|
|
|
// Authenticate block with block number and file ID
|
2015-10-06 22:27:37 +02:00
|
|
|
aData := make([]byte, 8)
|
|
|
|
binary.BigEndian.PutUint64(aData, blockNo)
|
2015-12-13 20:10:52 +01:00
|
|
|
aData = append(aData, fileID...)
|
|
|
|
|
|
|
|
// Encrypt plaintext and append to nonce
|
2016-02-06 19:20:54 +01:00
|
|
|
ciphertext := be.cryptoCore.Gcm.Seal(nonce, nonce, plaintext, aData)
|
2015-09-05 20:30:20 +02:00
|
|
|
|
|
|
|
return ciphertext
|
|
|
|
}
|
|
|
|
|
2015-09-08 00:54:24 +02:00
|
|
|
// MergeBlocks - Merge newData into oldData at offset
|
|
|
|
// New block may be bigger than both newData and oldData
|
2016-02-06 19:20:54 +01:00
|
|
|
func (be *ContentEnc) MergeBlocks(oldData []byte, newData []byte, offset int) []byte {
|
2015-09-08 00:54:24 +02:00
|
|
|
|
|
|
|
// Make block of maximum size
|
|
|
|
out := make([]byte, be.plainBS)
|
|
|
|
|
|
|
|
// Copy old and new data into it
|
|
|
|
copy(out, oldData)
|
|
|
|
l := len(newData)
|
2015-10-04 14:36:20 +02:00
|
|
|
copy(out[offset:offset+l], newData)
|
2015-09-08 00:54:24 +02:00
|
|
|
|
|
|
|
// Crop to length
|
|
|
|
outLen := len(oldData)
|
|
|
|
newLen := offset + len(newData)
|
|
|
|
if outLen < newLen {
|
|
|
|
outLen = newLen
|
|
|
|
}
|
|
|
|
return out[0:outLen]
|
|
|
|
}
|