Jakob Unterwurzacher
parent
8518d6d7bd
commit
00a712b4d1
|
|
@ -24,7 +24,7 @@ type CryptFS struct {
|
|||
plainBS uint64
|
||||
cipherBS uint64
|
||||
// Stores an all-zero block of size cipherBS
|
||||
allZeroBlock []byte
|
||||
allZeroBlock []byte
|
||||
// DirIV cache for filename encryption
|
||||
DirIVCacheEnc DirIVCache
|
||||
}
|
||||
|
|
@ -53,11 +53,11 @@ func NewCryptFS(key []byte, useOpenssl bool, plaintextNames bool) *CryptFS {
|
|||
cipherBS := DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN
|
||||
|
||||
return &CryptFS{
|
||||
blockCipher: b,
|
||||
gcm: gcm,
|
||||
plainBS: DEFAULT_PLAINBS,
|
||||
cipherBS: uint64(cipherBS),
|
||||
allZeroBlock: make([]byte, cipherBS),
|
||||
blockCipher: b,
|
||||
gcm: gcm,
|
||||
plainBS: DEFAULT_PLAINBS,
|
||||
cipherBS: uint64(cipherBS),
|
||||
allZeroBlock: make([]byte, cipherBS),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte
|
|||
}
|
||||
|
||||
// encryptBlock - Encrypt and add IV and MAC
|
||||
func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte) []byte {
|
||||
func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte {
|
||||
|
||||
// Empty block?
|
||||
if len(plaintext) == 0 {
|
||||
|
|
@ -96,10 +96,12 @@ func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte)
|
|||
// Get fresh nonce
|
||||
nonce := gcmNonce.Get()
|
||||
|
||||
// Encrypt plaintext and append to nonce
|
||||
// Authenticate block with block number and file ID
|
||||
aData := make([]byte, 8)
|
||||
binary.BigEndian.PutUint64(aData, blockNo)
|
||||
aData = append(aData, fileId...)
|
||||
aData = append(aData, fileID...)
|
||||
|
||||
// Encrypt plaintext and append to nonce
|
||||
ciphertext := be.gcm.Seal(nonce, nonce, plaintext, aData)
|
||||
|
||||
return ciphertext
|
||||
|
|
|
|||
|
|
@ -3,15 +3,15 @@
|
|||
package cryptfs
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"crypto/cipher"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
// goGCMWrapper - This wrapper makes sure gocryptfs can be compiled on Go
|
||||
// versions 1.4 and lower that lack NewGCMWithNonceSize().
|
||||
// 128 bit GCM IVs will not work when using built-in Go crypto, obviously, when
|
||||
// compiled on 1.4.
|
||||
func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error){
|
||||
func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error) {
|
||||
if nonceSize != 12 {
|
||||
Warn.Printf("128 bit GCM IVs are not supported by Go 1.4 and lower.\n")
|
||||
Warn.Printf("Please use openssl crypto or recompile using a newer Go runtime.\n")
|
||||
|
|
|
|||
|
|
@ -10,6 +10,6 @@ import (
|
|||
// versions 1.4 and lower that lack NewGCMWithNonceSize().
|
||||
// 128 bit GCM IVs will not work when using built-in Go crypto, obviously, when
|
||||
// compiled on 1.4.
|
||||
func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error){
|
||||
func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error) {
|
||||
return cipher.NewGCMWithNonceSize(bc, nonceSize)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
package cryptfs
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"strings"
|
||||
"encoding/json"
|
||||
)
|
||||
|
||||
type logChannel struct {
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
package cryptfs
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"bytes"
|
||||
"crypto/rand"
|
||||
"encoding/binary"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
)
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ func TestInitPlaintextNames(t *testing.T) {
|
|||
if err == nil {
|
||||
t.Errorf("gocryptfs.diriv should not have been created with -plaintextnames")
|
||||
}
|
||||
_, cf, err := cryptfs.LoadConfFile(dir + cryptfs.ConfDefaultName, "test")
|
||||
_, cf, err := cryptfs.LoadConfFile(dir+cryptfs.ConfDefaultName, "test")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,13 +1,13 @@
|
|||
package integration_tests
|
||||
|
||||
import (
|
||||
"syscall"
|
||||
"crypto/md5"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
"syscall"
|
||||
"testing"
|
||||
|
||||
"github.com/rfjakob/gocryptfs/cryptfs"
|
||||
|
|
@ -143,7 +143,7 @@ func testMkdirRmdir(t *testing.T, plainDir string) {
|
|||
if errno != syscall.ENOTEMPTY {
|
||||
t.Errorf("Should have gotten ENOTEMPTY, go %v", errno)
|
||||
}
|
||||
if syscall.Unlink(dir + "/file") != nil {
|
||||
if syscall.Unlink(dir+"/file") != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if syscall.Rmdir(dir) != nil {
|
||||
|
|
@ -164,8 +164,8 @@ func testMkdirRmdir(t *testing.T, plainDir string) {
|
|||
|
||||
// Create and rename a file
|
||||
func testRename(t *testing.T, plainDir string) {
|
||||
file1 := plainDir+"rename1"
|
||||
file2 := plainDir+"rename2"
|
||||
file1 := plainDir + "rename1"
|
||||
file2 := plainDir + "rename2"
|
||||
err := ioutil.WriteFile(file1, []byte("content"), 0777)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
|
|
|
|||
|
|
@ -333,7 +333,6 @@ func TestRename(t *testing.T) {
|
|||
testRename(t, defaultPlainDir)
|
||||
}
|
||||
|
||||
|
||||
// Overwrite an empty directory with another directory
|
||||
func TestDirOverwrite(t *testing.T) {
|
||||
dir1 := defaultPlainDir + "DirOverwrite1"
|
||||
|
|
|
|||
|
|
@ -261,7 +261,6 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) {
|
|||
cryptfs.Debug.Printf("len(oldData)=%d len(blockData)=%d\n", len(oldData), len(blockData))
|
||||
}
|
||||
|
||||
// Write
|
||||
blockOffset, blockLen := b.CiphertextRange()
|
||||
blockData = f.cfs.EncryptBlock(blockData, b.BlockNo, f.header.Id)
|
||||
cryptfs.Debug.Printf("ino%d: Writing %d bytes to block #%d, md5=%s\n",
|
||||
|
|
@ -276,6 +275,8 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) {
|
|||
status = fuse.ToStatus(err)
|
||||
break
|
||||
}
|
||||
|
||||
// Write
|
||||
f.fdLock.Lock()
|
||||
_, err = f.fd.WriteAt(blockData, int64(blockOffset))
|
||||
f.fdLock.Unlock()
|
||||
|
|
|
|||
|
|
@ -244,8 +244,6 @@ func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status f
|
|||
return string(target), fuse.OK
|
||||
}
|
||||
|
||||
|
||||
|
||||
func (fs *FS) Unlink(path string, context *fuse.Context) (code fuse.Status) {
|
||||
if fs.isFiltered(path) {
|
||||
return fuse.EPERM
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
package pathfs_frontend
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
"fmt"
|
||||
|
||||
"github.com/hanwen/go-fuse/fuse"
|
||||
"github.com/rfjakob/gocryptfs/cryptfs"
|
||||
|
|
@ -85,7 +85,7 @@ func (fs *FS) Rmdir(name string, context *fuse.Context) (code fuse.Status) {
|
|||
cryptfs.Debug.Printf("Rmdir: Chmod failed: %v\n", err2)
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
defer func () {
|
||||
defer func() {
|
||||
if code != fuse.OK {
|
||||
// Undo the chmod if removing the directory failed
|
||||
err3 := os.Chmod(encPath, origMode)
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ func (fs *FS) isFiltered(path string) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
|
||||
// encryptPath - encrypt relative plaintext path
|
||||
func (fs *FS) encryptPath(plainPath string) (string, error) {
|
||||
if fs.args.PlaintextNames {
|
||||
|
|
|
|||
Loading…
Reference in New Issue