libgocryptfs/cryptfs/file.go

149 lines
3.4 KiB
Go
Raw Normal View History

2015-09-03 18:57:28 +02:00
package cryptfs
2015-09-03 18:22:18 +02:00
import (
"fmt"
"os"
"io"
"errors"
2015-09-03 18:57:28 +02:00
"crypto/cipher"
2015-09-03 18:22:18 +02:00
)
2015-09-03 18:57:28 +02:00
type File struct {
file *os.File
gcm cipher.AEAD
plainBS int64
cipherBS int64
}
2015-09-03 18:22:18 +02:00
// readCipherBlock - Read ciphertext block number "blockNo", decrypt,
// return plaintext
2015-09-03 18:57:28 +02:00
func (be *File) readCipherBlock(blockNo int64) ([]byte, error) {
2015-09-03 18:22:18 +02:00
off := blockNo * int64(be.cipherBS)
buf := make([]byte, be.cipherBS)
2015-09-03 18:57:28 +02:00
readN, err := be.file.ReadAt(buf, off)
2015-09-03 18:22:18 +02:00
if err != nil && err != io.EOF {
return nil, err
}
// Truncate buffer to actually read bytes
buf = buf[:readN]
// Empty block?file:///home/jakob/go/src/github.com/rfjakob/gocryptfs-bazil/backend/backend.go
if len(buf) == 0 {
return buf, nil
}
if len(buf) < NONCE_LEN {
warn.Printf("readCipherBlock: Block is too short: %d bytes\n", len(buf))
return nil, errors.New("Block is too short")
}
// Extract nonce
nonce := buf[:NONCE_LEN]
buf = buf[NONCE_LEN:]
// Decrypt
var plainBuf []byte
plainBuf, err = be.gcm.Open(plainBuf, nonce, buf, nil)
if err != nil {
fmt.Printf("gcm.Open() failed: %d\n", err)
return nil, err
}
return plainBuf, nil
}
// intraBlock identifies a part of a file block
type intraBlock struct {
blockNo int64 // Block number in file
offset int64 // Offset into block plaintext
length int64 // Length of data from this block
}
// Split a plaintext byte range into (possible partial) blocks
2015-09-03 18:57:28 +02:00
func (be *File) splitRange(offset int64, length int64) []intraBlock {
2015-09-03 18:22:18 +02:00
var b intraBlock
var parts []intraBlock
for length > 0 {
b.blockNo = offset / be.plainBS
b.offset = offset % be.plainBS
b.length = be.min64(length, be.plainBS - b.offset)
parts = append(parts, b)
offset += b.length
length -= b.length
}
return parts
}
2015-09-03 18:57:28 +02:00
func (be *File) min64(x int64, y int64) int64 {
2015-09-03 18:22:18 +02:00
if x < y {
return x
}
return y
}
// writeCipherBlock - Encrypt plaintext and write it to file block "blockNo"
2015-09-03 18:57:28 +02:00
func (be *File) writeCipherBlock(blockNo int64, plain []byte) error {
2015-09-03 18:22:18 +02:00
if int64(len(plain)) > be.plainBS {
panic("writeCipherBlock: Cannot write block that is larger than plainBS")
}
// Get fresh nonce
nonce := gcmNonce.Get()
// Encrypt data and append to nonce
cipherBuf := be.gcm.Seal(nonce, nonce, plain, nil)
// WriteAt retries short writes autmatically
2015-09-03 18:57:28 +02:00
written, err := be.file.WriteAt(cipherBuf, blockNo * be.cipherBS)
2015-09-03 18:22:18 +02:00
debug.Printf("writeCipherBlock: wrote %d ciphertext bytes to block %d\n",
written, blockNo)
return err
}
// Perform RMW cycle on block
// Write "data" into file location specified in "b"
2015-09-03 18:57:28 +02:00
func (be *File) rmwWrite(b intraBlock, data []byte, f *os.File) error {
2015-09-03 18:22:18 +02:00
if b.length != int64(len(data)) {
panic("Length mismatch")
}
2015-09-03 18:57:28 +02:00
oldBlock, err := be.readCipherBlock(b.blockNo)
2015-09-03 18:22:18 +02:00
if err != nil {
return err
}
newBlockLen := b.offset + b.length
debug.Printf("newBlockLen := %d + %d\n", b.offset, b.length)
var newBlock []byte
// Write goes beyond the old block and grows the file?
// Must create a bigger newBlock
if newBlockLen > int64(len(oldBlock)) {
newBlock = make([]byte, newBlockLen)
} else {
newBlock = make([]byte, len(oldBlock))
}
// Fill with old data
copy(newBlock, oldBlock)
// Then overwrite the relevant parts with new data
copy(newBlock[b.offset:b.offset + b.length], data)
// Actual write
2015-09-03 18:57:28 +02:00
err = be.writeCipherBlock(b.blockNo, newBlock)
2015-09-03 18:22:18 +02:00
if err != nil {
// An incomplete write to a ciphertext block means that the whole block
// is destroyed.
fmt.Printf("rmwWrite: Write error: %s\n", err)
}
return err
}