Jakob Unterwurzacher
parent
8518d6d7bd
commit
00a712b4d1
|
|
@ -86,7 +86,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte
|
||||||
}
|
}
|
||||||
|
|
||||||
// encryptBlock - Encrypt and add IV and MAC
|
// encryptBlock - Encrypt and add IV and MAC
|
||||||
func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte) []byte {
|
func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte {
|
||||||
|
|
||||||
// Empty block?
|
// Empty block?
|
||||||
if len(plaintext) == 0 {
|
if len(plaintext) == 0 {
|
||||||
|
|
@ -96,10 +96,12 @@ func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte)
|
||||||
// Get fresh nonce
|
// Get fresh nonce
|
||||||
nonce := gcmNonce.Get()
|
nonce := gcmNonce.Get()
|
||||||
|
|
||||||
// Encrypt plaintext and append to nonce
|
// Authenticate block with block number and file ID
|
||||||
aData := make([]byte, 8)
|
aData := make([]byte, 8)
|
||||||
binary.BigEndian.PutUint64(aData, blockNo)
|
binary.BigEndian.PutUint64(aData, blockNo)
|
||||||
aData = append(aData, fileId...)
|
aData = append(aData, fileID...)
|
||||||
|
|
||||||
|
// Encrypt plaintext and append to nonce
|
||||||
ciphertext := be.gcm.Seal(nonce, nonce, plaintext, aData)
|
ciphertext := be.gcm.Seal(nonce, nonce, plaintext, aData)
|
||||||
|
|
||||||
return ciphertext
|
return ciphertext
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
package cryptfs
|
package cryptfs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"crypto/cipher"
|
"crypto/cipher"
|
||||||
|
"fmt"
|
||||||
)
|
)
|
||||||
|
|
||||||
// goGCMWrapper - This wrapper makes sure gocryptfs can be compiled on Go
|
// goGCMWrapper - This wrapper makes sure gocryptfs can be compiled on Go
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
package cryptfs
|
package cryptfs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
"encoding/json"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type logChannel struct {
|
type logChannel struct {
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
package cryptfs
|
package cryptfs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/binary"
|
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
|
"encoding/binary"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"fmt"
|
"fmt"
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -1,13 +1,13 @@
|
||||||
package integration_tests
|
package integration_tests
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"syscall"
|
|
||||||
"crypto/md5"
|
"crypto/md5"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
"syscall"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/rfjakob/gocryptfs/cryptfs"
|
"github.com/rfjakob/gocryptfs/cryptfs"
|
||||||
|
|
|
||||||
|
|
@ -333,7 +333,6 @@ func TestRename(t *testing.T) {
|
||||||
testRename(t, defaultPlainDir)
|
testRename(t, defaultPlainDir)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Overwrite an empty directory with another directory
|
// Overwrite an empty directory with another directory
|
||||||
func TestDirOverwrite(t *testing.T) {
|
func TestDirOverwrite(t *testing.T) {
|
||||||
dir1 := defaultPlainDir + "DirOverwrite1"
|
dir1 := defaultPlainDir + "DirOverwrite1"
|
||||||
|
|
|
||||||
|
|
@ -261,7 +261,6 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) {
|
||||||
cryptfs.Debug.Printf("len(oldData)=%d len(blockData)=%d\n", len(oldData), len(blockData))
|
cryptfs.Debug.Printf("len(oldData)=%d len(blockData)=%d\n", len(oldData), len(blockData))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Write
|
|
||||||
blockOffset, blockLen := b.CiphertextRange()
|
blockOffset, blockLen := b.CiphertextRange()
|
||||||
blockData = f.cfs.EncryptBlock(blockData, b.BlockNo, f.header.Id)
|
blockData = f.cfs.EncryptBlock(blockData, b.BlockNo, f.header.Id)
|
||||||
cryptfs.Debug.Printf("ino%d: Writing %d bytes to block #%d, md5=%s\n",
|
cryptfs.Debug.Printf("ino%d: Writing %d bytes to block #%d, md5=%s\n",
|
||||||
|
|
@ -276,6 +275,8 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) {
|
||||||
status = fuse.ToStatus(err)
|
status = fuse.ToStatus(err)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Write
|
||||||
f.fdLock.Lock()
|
f.fdLock.Lock()
|
||||||
_, err = f.fd.WriteAt(blockData, int64(blockOffset))
|
_, err = f.fd.WriteAt(blockData, int64(blockOffset))
|
||||||
f.fdLock.Unlock()
|
f.fdLock.Unlock()
|
||||||
|
|
|
||||||
|
|
@ -244,8 +244,6 @@ func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status f
|
||||||
return string(target), fuse.OK
|
return string(target), fuse.OK
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
func (fs *FS) Unlink(path string, context *fuse.Context) (code fuse.Status) {
|
func (fs *FS) Unlink(path string, context *fuse.Context) (code fuse.Status) {
|
||||||
if fs.isFiltered(path) {
|
if fs.isFiltered(path) {
|
||||||
return fuse.EPERM
|
return fuse.EPERM
|
||||||
|
|
|
||||||
|
|
@ -1,10 +1,10 @@
|
||||||
package pathfs_frontend
|
package pathfs_frontend
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"syscall"
|
"syscall"
|
||||||
"fmt"
|
|
||||||
|
|
||||||
"github.com/hanwen/go-fuse/fuse"
|
"github.com/hanwen/go-fuse/fuse"
|
||||||
"github.com/rfjakob/gocryptfs/cryptfs"
|
"github.com/rfjakob/gocryptfs/cryptfs"
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,6 @@ func (fs *FS) isFiltered(path string) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// encryptPath - encrypt relative plaintext path
|
// encryptPath - encrypt relative plaintext path
|
||||||
func (fs *FS) encryptPath(plainPath string) (string, error) {
|
func (fs *FS) encryptPath(plainPath string) (string, error) {
|
||||||
if fs.args.PlaintextNames {
|
if fs.args.PlaintextNames {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue