From 44e860d1055c0ee946919b0a49baa85272123f5f Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Fri, 4 Jan 2019 19:10:36 +0100 Subject: [PATCH] xray: add support for inspecting AES-SIV files (-aessiv flag) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/rfjakob/gocryptfs/issues/299 : In GCM mode the auth tags are at the end of each block, but in SIV mode the auth tags follow immediately after the nonce. As a result, in AES-SIV mode the output of gocryptfs-xray is misleading and does not actually print the auth tag, but just the last 16-byte of the ciphertext. diff --git a/gocryptfs-xray/xray_main.go b/gocryptfs-xray/xray_main.go index 74c9fb3..5a81caf 100644 --- a/gocryptfs-xray/xray_main.go +++ b/gocryptfs-xray/xray_main.go @@ -16,9 +16,10 @@ import ( ) const ( - ivLen = contentenc.DefaultIVBits / 8 - blockSize = contentenc.DefaultBS + ivLen + cryptocore.AuthTagLen - myName = "gocryptfs-xray" + ivLen = contentenc.DefaultIVBits / 8 + authTagLen = cryptocore.AuthTagLen + blockSize = contentenc.DefaultBS + ivLen + cryptocore.AuthTagLen + myName = "gocryptfs-xray" ) func errExit(err error) { @@ -26,13 +27,18 @@ func errExit(err error) { os.Exit(1) } -func prettyPrintHeader(h *contentenc.FileHeader) { +func prettyPrintHeader(h *contentenc.FileHeader, aessiv bool) { id := hex.EncodeToString(h.ID) - fmt.Printf("Header: Version: %d, Id: %s\n", h.Version, id) + msg := "Header: Version: %d, Id: %s" + if aessiv { + msg += ", assuming AES-SIV mode" + } + fmt.Printf(msg+"\n", h.Version, id) } func main() { dumpmasterkey := flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key") + aessiv := flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM") flag.Parse() if flag.NArg() != 1 { fmt.Fprintf(os.Stderr, "Usage: %s [OPTIONS] FILE\n"+ @@ -54,7 +60,7 @@ func main() { if *dumpmasterkey { dumpMasterKey(fn) } else { - inspectCiphertext(fd) + inspectCiphertext(fd, *aessiv) } } @@ -72,7 +78,7 @@ func dumpMasterKey(fn string) { } } -func inspectCiphertext(fd *os.File) { +func inspectCiphertext(fd *os.File, aessiv bool) { headerBytes := make([]byte, contentenc.HeaderLen) n, err := fd.ReadAt(headerBytes, 0) if err == io.EOF && n == 0 { @@ -88,34 +94,30 @@ func inspectCiphertext(fd *os.File) { if err != nil { errExit(err) } - prettyPrintHeader(header) + prettyPrintHeader(header, aessiv) var i int64 + buf := make([]byte, blockSize) for i = 0; ; i++ { - blockLen := int64(blockSize) off := contentenc.HeaderLen + i*blockSize - iv := make([]byte, ivLen) - _, err := fd.ReadAt(iv, off) - if err == io.EOF { - break - } else if err != nil { + n, err := fd.ReadAt(buf, off) + if err != nil && err != io.EOF { errExit(err) } - tag := make([]byte, cryptocore.AuthTagLen) - _, err = fd.ReadAt(tag, off+blockSize-cryptocore.AuthTagLen) - if err == io.EOF { - fi, err2 := fd.Stat() - if err2 != nil { - errExit(err2) - } - _, err2 = fd.ReadAt(tag, fi.Size()-cryptocore.AuthTagLen) - if err2 != nil { - errExit(err2) - } - blockLen = (fi.Size() - contentenc.HeaderLen) % blockSize - } else if err != nil { - errExit(err) + if n == 0 && err == io.EOF { + break + } + // A block contains at least the IV, the Auth Tag and 1 data byte + if n < ivLen+authTagLen+1 { + errExit(fmt.Errorf("corrupt block: truncated data, len=%d", n)) + } + data := buf[:n] + // Parse block data + iv := data[:ivLen] + tag := data[len(data)-authTagLen:] + if aessiv { + tag = data[ivLen : ivLen+authTagLen] } fmt.Printf("Block %2d: IV: %s, Tag: %s, Offset: %5d Len: %d\n", - i, hex.EncodeToString(iv), hex.EncodeToString(tag), off, blockLen) + i, hex.EncodeToString(iv), hex.EncodeToString(tag), off, len(data)) } } diff --git a/gocryptfs-xray/xray_tests/aessiv_fs.masterkey.txt b/gocryptfs-xray/xray_tests/aessiv_fs.masterkey.txt new file mode 100644 index 0000000..70835ac --- /dev/null +++ b/gocryptfs-xray/xray_tests/aessiv_fs.masterkey.txt @@ -0,0 +1,5 @@ +Your master key is: + + 29dd219d-e227ff20-8474469d-9fc9fdc6- + b434ab35-404e808c-489d441e-2c1003f2 + diff --git a/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt b/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt new file mode 100644 index 0000000..6a48079 --- /dev/null +++ b/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt @@ -0,0 +1,3 @@ +Header: Version: 2, Id: c2f21142e108952a47edfe16053d2bb9, assuming AES-SIV mode +Block 0: IV: 7621fdc35be7671ac6f369214436e8ff, Tag: e8108c158b22cad6bb3296645357eb75, Offset: 18 Len: 4128 +Block 1: IV: f096d86a4dc3461ef17655cfcf865b13, Tag: 925f23d647e4ab7add2c8d36362cc5a9, Offset: 4146 Len: 936 diff --git a/gocryptfs-xray/xray_tests/aessiv_fs/Ldq-c4ADpM5iGSSrPjUAqQ b/gocryptfs-xray/xray_tests/aessiv_fs/Ldq-c4ADpM5iGSSrPjUAqQ new file mode 100644 index 0000000..bfd4dfe Binary files /dev/null and b/gocryptfs-xray/xray_tests/aessiv_fs/Ldq-c4ADpM5iGSSrPjUAqQ differ diff --git a/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.conf b/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.conf new file mode 100644 index 0000000..9b8b95f --- /dev/null +++ b/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.conf @@ -0,0 +1,21 @@ +{ + "Creator": "gocryptfs v1.7-beta1-7-g6b94f5e", + "EncryptedKey": "D0kHfg/pryMO9Ydo15EwpYjNHf3iWKq2GJyNocbjwJt9blEeMoLD5DnoARuDzQs54hblw+9MHwFjCSHYmJrFbA==", + "ScryptObject": { + "Salt": "ehn0LM/Hy/4QkXAMCZq3c3p0O9G7gu5e3OQSR8MiJ6c=", + "N": 65536, + "R": 8, + "P": 1, + "KeyLen": 32 + }, + "Version": 2, + "FeatureFlags": [ + "GCMIV128", + "HKDF", + "DirIV", + "EMENames", + "LongNames", + "Raw64", + "AESSIV" + ] +} diff --git a/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.diriv b/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.diriv new file mode 100644 index 0000000..dd57ce1 --- /dev/null +++ b/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.diriv @@ -0,0 +1 @@ +.¨Í1Aiõ&Á4—öÉ \ No newline at end of file diff --git a/gocryptfs-xray/xray_tests/xray_test.go b/gocryptfs-xray/xray_tests/xray_test.go index a3374b0..8e5fc0c 100644 --- a/gocryptfs-xray/xray_tests/xray_test.go +++ b/gocryptfs-xray/xray_tests/xray_test.go @@ -24,3 +24,20 @@ func TestAesgcmXray(t *testing.T) { fmt.Printf("have:\n%s", string(out)) } } + +func TestAessivXray(t *testing.T) { + expected, err := ioutil.ReadFile("aessiv_fs.xray.txt") + if err != nil { + t.Fatal(err) + } + cmd := exec.Command("../gocryptfs-xray", "-aessiv", "aessiv_fs/Ldq-c4ADpM5iGSSrPjUAqQ") + out, err := cmd.CombinedOutput() + if err != nil { + t.Fatal(err) + } + if bytes.Compare(out, expected) != 0 { + t.Errorf("Unexpected output") + fmt.Printf("expected:\n%s", string(expected)) + fmt.Printf("have:\n%s", string(out)) + } +} --- gocryptfs-xray/xray_main.go | 60 +++++++++--------- .../xray_tests/aessiv_fs.masterkey.txt | 5 ++ gocryptfs-xray/xray_tests/aessiv_fs.xray.txt | 3 + .../aessiv_fs/Ldq-c4ADpM5iGSSrPjUAqQ | Bin 0 -> 5082 bytes .../xray_tests/aessiv_fs/gocryptfs.conf | 21 ++++++ .../xray_tests/aessiv_fs/gocryptfs.diriv | 1 + gocryptfs-xray/xray_tests/xray_test.go | 17 +++++ 7 files changed, 78 insertions(+), 29 deletions(-) create mode 100644 gocryptfs-xray/xray_tests/aessiv_fs.masterkey.txt create mode 100644 gocryptfs-xray/xray_tests/aessiv_fs.xray.txt create mode 100644 gocryptfs-xray/xray_tests/aessiv_fs/Ldq-c4ADpM5iGSSrPjUAqQ create mode 100644 gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.conf create mode 100644 gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.diriv diff --git a/gocryptfs-xray/xray_main.go b/gocryptfs-xray/xray_main.go index 74c9fb3..5a81caf 100644 --- a/gocryptfs-xray/xray_main.go +++ b/gocryptfs-xray/xray_main.go @@ -16,9 +16,10 @@ import ( ) const ( - ivLen = contentenc.DefaultIVBits / 8 - blockSize = contentenc.DefaultBS + ivLen + cryptocore.AuthTagLen - myName = "gocryptfs-xray" + ivLen = contentenc.DefaultIVBits / 8 + authTagLen = cryptocore.AuthTagLen + blockSize = contentenc.DefaultBS + ivLen + cryptocore.AuthTagLen + myName = "gocryptfs-xray" ) func errExit(err error) { @@ -26,13 +27,18 @@ func errExit(err error) { os.Exit(1) } -func prettyPrintHeader(h *contentenc.FileHeader) { +func prettyPrintHeader(h *contentenc.FileHeader, aessiv bool) { id := hex.EncodeToString(h.ID) - fmt.Printf("Header: Version: %d, Id: %s\n", h.Version, id) + msg := "Header: Version: %d, Id: %s" + if aessiv { + msg += ", assuming AES-SIV mode" + } + fmt.Printf(msg+"\n", h.Version, id) } func main() { dumpmasterkey := flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key") + aessiv := flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM") flag.Parse() if flag.NArg() != 1 { fmt.Fprintf(os.Stderr, "Usage: %s [OPTIONS] FILE\n"+ @@ -54,7 +60,7 @@ func main() { if *dumpmasterkey { dumpMasterKey(fn) } else { - inspectCiphertext(fd) + inspectCiphertext(fd, *aessiv) } } @@ -72,7 +78,7 @@ func dumpMasterKey(fn string) { } } -func inspectCiphertext(fd *os.File) { +func inspectCiphertext(fd *os.File, aessiv bool) { headerBytes := make([]byte, contentenc.HeaderLen) n, err := fd.ReadAt(headerBytes, 0) if err == io.EOF && n == 0 { @@ -88,34 +94,30 @@ func inspectCiphertext(fd *os.File) { if err != nil { errExit(err) } - prettyPrintHeader(header) + prettyPrintHeader(header, aessiv) var i int64 + buf := make([]byte, blockSize) for i = 0; ; i++ { - blockLen := int64(blockSize) off := contentenc.HeaderLen + i*blockSize - iv := make([]byte, ivLen) - _, err := fd.ReadAt(iv, off) - if err == io.EOF { - break - } else if err != nil { + n, err := fd.ReadAt(buf, off) + if err != nil && err != io.EOF { errExit(err) } - tag := make([]byte, cryptocore.AuthTagLen) - _, err = fd.ReadAt(tag, off+blockSize-cryptocore.AuthTagLen) - if err == io.EOF { - fi, err2 := fd.Stat() - if err2 != nil { - errExit(err2) - } - _, err2 = fd.ReadAt(tag, fi.Size()-cryptocore.AuthTagLen) - if err2 != nil { - errExit(err2) - } - blockLen = (fi.Size() - contentenc.HeaderLen) % blockSize - } else if err != nil { - errExit(err) + if n == 0 && err == io.EOF { + break + } + // A block contains at least the IV, the Auth Tag and 1 data byte + if n < ivLen+authTagLen+1 { + errExit(fmt.Errorf("corrupt block: truncated data, len=%d", n)) + } + data := buf[:n] + // Parse block data + iv := data[:ivLen] + tag := data[len(data)-authTagLen:] + if aessiv { + tag = data[ivLen : ivLen+authTagLen] } fmt.Printf("Block %2d: IV: %s, Tag: %s, Offset: %5d Len: %d\n", - i, hex.EncodeToString(iv), hex.EncodeToString(tag), off, blockLen) + i, hex.EncodeToString(iv), hex.EncodeToString(tag), off, len(data)) } } diff --git a/gocryptfs-xray/xray_tests/aessiv_fs.masterkey.txt b/gocryptfs-xray/xray_tests/aessiv_fs.masterkey.txt new file mode 100644 index 0000000..70835ac --- /dev/null +++ b/gocryptfs-xray/xray_tests/aessiv_fs.masterkey.txt @@ -0,0 +1,5 @@ +Your master key is: + + 29dd219d-e227ff20-8474469d-9fc9fdc6- + b434ab35-404e808c-489d441e-2c1003f2 + diff --git a/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt b/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt new file mode 100644 index 0000000..6a48079 --- /dev/null +++ b/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt @@ -0,0 +1,3 @@ +Header: Version: 2, Id: c2f21142e108952a47edfe16053d2bb9, assuming AES-SIV mode +Block 0: IV: 7621fdc35be7671ac6f369214436e8ff, Tag: e8108c158b22cad6bb3296645357eb75, Offset: 18 Len: 4128 +Block 1: IV: f096d86a4dc3461ef17655cfcf865b13, Tag: 925f23d647e4ab7add2c8d36362cc5a9, Offset: 4146 Len: 936 diff --git a/gocryptfs-xray/xray_tests/aessiv_fs/Ldq-c4ADpM5iGSSrPjUAqQ b/gocryptfs-xray/xray_tests/aessiv_fs/Ldq-c4ADpM5iGSSrPjUAqQ new file mode 100644 index 0000000000000000000000000000000000000000..bfd4dfe0eb24032829f240cbf184b25004c1036e GIT binary patch literal 5082 zcmV<06D8~b0>bhULg5INDo5@976m;kxppD_!&~QP8piW!Aw)Ll|L72m6^kOu*1Iy6 zWK&n`bx8&uUopt(@=G~5k@G3VEi%hWGl$_N>C_-7hhlWU*EkYPE&c1whP{m1M~>O@o* zB%bJ1a2Fk$I)>CK%C@X#Db%ab|aF{I1gdNo6>SoXK@45;JJa z<{Dq3FAI89*|coW*^3sO!!;Qdb3ew?`q=e80E^}(O|jRU>NHJLY_v)$RH_)31j0iG zUEx_$YY^xmrk$jlGG!*6`O7%o(m;NEpvbQqgIyIzTRaie@YgGVFYXcl1UL*W*~)#P zW8_H5=^YT5sVM-$zE)S?q?{7YVFcY?WbxSZdNs``Wxtb!ye8L-(uAyc8*a@t2zrmJ z7&F!-byE5>Q^iU!lKj1>9BilKc3_1;nQ9f=yxFO*V*E~dJ_2pwuFb$C0Z9{4^M=gM@odx(ORJJ(DOV>|oz5kzaL5xQyi<40Fw&sF+;_tvN0`2L*Dx zvLM(rL40xa_a_JQg_Je#LpCTD=wZ_J2aB8KBd%tyH2;h8i2W5yC;Q?xQ}3S1 zm|@xrF8;&ie#j-c%gUa)T4eGNG@i>!V#jgNGdOD9YD?1aQKZp~G(@jrRics*=7T8T z&YQeBvqy$p`5%(7-^l*y%=?6ggu!Z_#c}Mni2Ac(Hc$K>AcHDXqV|q9t+;8`DCIW% zgMyd1odPB1O&~=vof!<3Lib@YZ_G~>)bMt;$FPh&Y&?;>0Yc`83>uZPtvVX6kissC zylC5{Y7dzfuN&CHqOS|zN%F}U2PGZ(e~r{Pc6&ZZv+N-SBecDIqX@vWsJ%`s=^sdIo86#ryC3$K&)#7V^$r_t?kv_>HvW31*NmBno{a`?Elq_&XB4e*RDF6ODVS z`uA7zevN&VERrwy=3yR94tY$34$!k!`p*uN(xIC2;3r;HJdzwjMC9D?#PX1cOy42k zHk*^u!kUr|oKQ0TGL!}5fQj_SYgn@I@)H$P(7PcdT)ISL%WsUT8Uk|mU#(pb@nAGr zt9;_{MXV8w;A0WZ>+_cgh0ehJPDhZTKju{+w9M3~SAK2e+#oPwG&DdNWr%JF5O0=f9Fv+B6{uMyMnS7Z2H8liz>k}IVkcLOR{GV%b897EPtQN^Tb3NfDxOgLR{S?h|6egw@n{g zjk_l(t$!tjugz+Zs2%|)_*s6jT;=fPhA;95bd)LeA5+dYcuM?6`R%V{lBHF$omWJ= zcwM~(e*Y}*{w1xYq|UTIOtGR0Jam%U{gC-#FPFOktrFGpz)?zZ0f~-^EgQkEHhb+O zqJXT}(l&b{=qtb_)$Q~ZU1Ul<*;;P{+`twZ_h&4g}m zXcsjCdX1@`52R$9HiFnDvwD_Br_ueu+`zMp5_z zenFjfpXCQmb6|x^dzES`zea)Fm#rA&YcNhb!xOrq$o1NPNdC|>23w+g z4oZZ(_#arKY5ef77@_n`wG}9#{J6jCi`y{Lk}n8aqc$%XShYl2+PE z)=F~z|ET|9{$A+OC;AFGBRZ1G?66l6%VC9;BeHEZa>4!eCh5{?OAeQaa8gGmmEA1;wV=bg|^DCgqnvDsW?HFO3R z%d~wQvSUBuzqwB5`1jwG@l2g!!ww?J<*=s&ro^C9JeLvS^<1llYDlUmsA637y?G=N z5i>SsOk2JnZn(}ZPR$X5Kb5aX77YMuqiF%13lIA4Ib;V&pm5fs1?GW+p@W0A?C-Mn zW!|t9(fdc(j1!6iUN--UKRNmk%L3$aSS zG@yvQ5?g;Yda|d%I)M&<{BD$wnbJv|SSH0rMFAgfcq}@BVj-ML317}?refCnn`8Oo z;{xk%+oA>BKlFR3w|N>=sfG&Hhy~(rd}KeeEgG{!U86q*2-3wxE@kw6{O^XQS9Xsc z9|ftQZ`}I)2*OHr**|dDaW%4E&@bSbTY)FRRQ0G)Yt4aA`AG2z_7o4eZC?Clo-?rz zAAsvTxeDx{@0+!Z3_06!wfzg{WxnL@sV`t5!@iU9ujPlBy)NiNbu_RzKvCuqUq`1e1eK@Hn{)J z z8a-7YETHo?WsP<}Ga6C_{oq5^@WyGv@p#9INlH>FD8mt8((g6%YEQP2R4kri3epOk z4j7Z(sSh<7fbL7cP$5@RH1*YM9L8eu2Er-YlL6M(Efzj$@AuQh5VPremmky_;ymm4 zZZ%Z(sXod(6U7fX8WF|GoL%!$epv{9VwFnw5My2g)~ZPFH6^NcxML6~SFeD_M{wY+ zMFCp!T=4LEQtx35WjzE{xwK0h@IlJ4)K_-*Rr#1@rt$wbJeK5h`B<4MQyV6%wS%%s zH_$~>Jciliv#f*g( z$nBCu<>ZbxLXOFSLcvp*GKuI4dCB-I530np0L1!&J--=*@ArkqWd#xPC-G`3uoCH! z^>-r8=sSSL7mwnhL<6$1m%rGDKVO-Ng7>Hu*V5Z2`5{7uaBR#ZhXc3z%0y(EtR?~q z{Q|6s?JFs^Ta{KPvpQ{Y*`5X{yDDP+)|N%NVU1|E#QDo6x;&~t(@g*dRBaxvGQ2^1 z@cMIw_fu@OKxWBKiZ12j!F$3#drtmo4V_)%To+%Qe^kWjG%F1&yXL|63LnPof-@sF zpxy@{8A_2SB&I( z4ix3XO0D!Fw5|8EXT^5_k+Ml~#@#I@)zizC?2hdW8c$`-yK5q8WR?Yw5za#Jy$Sj; zO-<&mC>}@B-hDGiC3dqWO0TXdXHEuwYe$Y^*5nMOGj-o_r=R%%ST0Ua&PcH@gT%Md zv_}Ch8HT!{RkP|aaHkw~Mr7Po)34b0IS9!v``*ZJL{H;mRZ6aS!CAA^MN*3w_`(O$ z{rtp5O2j9rg>6MzPX{TY5DiHGu9>`#;6$Hkiy~39b&(zmxar)Jb%eEarUN0UgMq4E z#v)c%27{-?DwIrCM?-S!`nI6|E^32sMU@`ICE1ub;OH7uJ|o~9Oq)YzeB(-I*+_lC zeO$85l0FW#*zO;EdG?VqaF{U+G;FTm!Ihb<3`jH%E?@lFzK|Fw)lWF9b)l=D=bU>h z&D~=o!62?%pVcaFj*cGvJdn~qbFW0zwpskBfTT*{Fx=A@G48w_7Q-ri$nC&)FLe8B z^@qlMw`RR{P8rSx$1A8Yg5*Fsk4BbEZvlL+>WIZ_Or<1w~ey~3R39c&rmgcd5dEn2|4V0Z{GDlVE8^w;X%cHeXu3; z8m8lnK56coT1Qc>EqnXdhO@UyE+n(s> zjOG~)hf67GM#3&`lx#wL2dtLF4znBfzI(YkHJOqob}co^JJjRkGU54-vA<16na?22 z^|&6o!g5?)MzH)cBop^Q}I-Qg^XdEY8NMu)TvSyt*~@B8|PmlQkS(gE96 zEOeua5XD}KzB~avkz*H><1(MnBGnzcQbkGh~4XtSa z_}Wi~&14`S*}e3$9?B(BO`6F0R6VFi96?-Eu_=igPoJCCWl2a;6#mb+7Jc%Ch{%7t zL_UN@{Ge2+xaPr^JG9cw;ZSK~aXtSoxh{y{Te`0-*#D};^AQ7Q2Jc&y zm#zdx<3gGU9Ip_(E|TSZ3C&{&%aB{ytM3}Td3hH)oW}qAauu|A9K~DcFJ+~Rb8KJ^ zxb1-V2xTA5F4Ee5-Yn_14_?ez(+B(4&Ebo9N?*}C=klQ$WQ1osbz{AM)D>1ZX_E^T zh3V)4NErV~gsk?BVWqP-l=snL9ueDiIYPrNSooXAPpT(zIUPqGyNYb!T(zmoWVUef zbr!HzJom>SL$cDUTB{Et%1vkxAc0OuuknkRYZp4dS#1wU)YXhjNdxkjhPM6S8OU*~9WA9~z zH}COBDo_vp_QI+t&)yrk4NohIym|!u`3i@)i1p0^&OdfV<0@U*1icGq8EMZa+oSgd zsr0tYiUm-cwRnha&T;-po=hksQ~A|P@JuwU{dWhK-p+@c#~v?|8DuF8C2CFdqEj); zLQwYXVd5fAsnV{sQbbhP>Gy{v$$xpAQ+oZOi=R>5--W(-qrrX~$vTCtLYy=}I(%H< z%0!`#Tlb(o0*VJ+T?BDTBMz3wcIn$vLZsO%@ouYoRq|%$r)pwwp;sG1e0usJ;iclc z@^0c>XT1m;4sb!Ag}Ms54w5Th73uORVphQR29$_fFqf89)w?B7-~*)a9_&nT)TTWe zguk>MbPO_s{)QC1K_41fc@*Z#?Lsl}!BT+K#9<)dBfu)E%Fotk@O>RB3HILV;i*nI zCCoTv(%j!aOVaT+5G3&tb#m;e9( literal 0 HcmV?d00001 diff --git a/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.conf b/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.conf new file mode 100644 index 0000000..9b8b95f --- /dev/null +++ b/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.conf @@ -0,0 +1,21 @@ +{ + "Creator": "gocryptfs v1.7-beta1-7-g6b94f5e", + "EncryptedKey": "D0kHfg/pryMO9Ydo15EwpYjNHf3iWKq2GJyNocbjwJt9blEeMoLD5DnoARuDzQs54hblw+9MHwFjCSHYmJrFbA==", + "ScryptObject": { + "Salt": "ehn0LM/Hy/4QkXAMCZq3c3p0O9G7gu5e3OQSR8MiJ6c=", + "N": 65536, + "R": 8, + "P": 1, + "KeyLen": 32 + }, + "Version": 2, + "FeatureFlags": [ + "GCMIV128", + "HKDF", + "DirIV", + "EMENames", + "LongNames", + "Raw64", + "AESSIV" + ] +} diff --git a/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.diriv b/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.diriv new file mode 100644 index 0000000..dd57ce1 --- /dev/null +++ b/gocryptfs-xray/xray_tests/aessiv_fs/gocryptfs.diriv @@ -0,0 +1 @@ +.1Ai&4 \ No newline at end of file diff --git a/gocryptfs-xray/xray_tests/xray_test.go b/gocryptfs-xray/xray_tests/xray_test.go index a3374b0..8e5fc0c 100644 --- a/gocryptfs-xray/xray_tests/xray_test.go +++ b/gocryptfs-xray/xray_tests/xray_test.go @@ -24,3 +24,20 @@ func TestAesgcmXray(t *testing.T) { fmt.Printf("have:\n%s", string(out)) } } + +func TestAessivXray(t *testing.T) { + expected, err := ioutil.ReadFile("aessiv_fs.xray.txt") + if err != nil { + t.Fatal(err) + } + cmd := exec.Command("../gocryptfs-xray", "-aessiv", "aessiv_fs/Ldq-c4ADpM5iGSSrPjUAqQ") + out, err := cmd.CombinedOutput() + if err != nil { + t.Fatal(err) + } + if bytes.Compare(out, expected) != 0 { + t.Errorf("Unexpected output") + fmt.Printf("expected:\n%s", string(expected)) + fmt.Printf("have:\n%s", string(out)) + } +}