fusefrontend: write: consolidate and move encryption to contentenc
Collect all the plaintext and pass everything to contentenc in one call. This will allow easier parallization of the encryption. https://github.com/rfjakob/gocryptfs/issues/116
This commit is contained in:
parent
53b7c17261
commit
a24faa3ba5
|
@ -149,6 +149,24 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []b
|
||||||
return plaintext, nil
|
return plaintext, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// EncryptBlocks is like EncryptBlock but takes multiple plaintext blocks.
|
||||||
|
func (be *ContentEnc) EncryptBlocks(plaintextBlocks [][]byte, firstBlockNo uint64, fileID []byte) []byte {
|
||||||
|
// Encrypt piecewise.
|
||||||
|
ciphertextBlocks := make([][]byte, len(plaintextBlocks))
|
||||||
|
for i, v := range plaintextBlocks {
|
||||||
|
ciphertextBlocks[i] = be.EncryptBlock(v, firstBlockNo+uint64(i), fileID)
|
||||||
|
}
|
||||||
|
// Concatenate ciphertext into a single byte array.
|
||||||
|
// Size the output buffer for the maximum possible size (all blocks complete)
|
||||||
|
// to allocations in out.Write()
|
||||||
|
tmp := make([]byte, len(plaintextBlocks)*int(be.CipherBS()))
|
||||||
|
out := bytes.NewBuffer(tmp[:0])
|
||||||
|
for _, v := range ciphertextBlocks {
|
||||||
|
out.Write(v)
|
||||||
|
}
|
||||||
|
return out.Bytes()
|
||||||
|
}
|
||||||
|
|
||||||
// EncryptBlock - Encrypt plaintext using a random nonce.
|
// EncryptBlock - Encrypt plaintext using a random nonce.
|
||||||
// blockNo and fileID are used as associated data.
|
// blockNo and fileID are used as associated data.
|
||||||
// The output is nonce + ciphertext + tag.
|
// The output is nonce + ciphertext + tag.
|
||||||
|
|
|
@ -272,22 +272,17 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) {
|
||||||
// re-read it after the RLock().
|
// re-read it after the RLock().
|
||||||
f.fileTableEntry.HeaderLock.RLock()
|
f.fileTableEntry.HeaderLock.RLock()
|
||||||
}
|
}
|
||||||
fileID := f.fileTableEntry.ID
|
|
||||||
defer f.fileTableEntry.HeaderLock.RUnlock()
|
defer f.fileTableEntry.HeaderLock.RUnlock()
|
||||||
// Handle payload data
|
// Handle payload data
|
||||||
status := fuse.OK
|
|
||||||
dataBuf := bytes.NewBuffer(data)
|
dataBuf := bytes.NewBuffer(data)
|
||||||
blocks := f.contentEnc.ExplodePlainRange(uint64(off), uint64(len(data)))
|
blocks := f.contentEnc.ExplodePlainRange(uint64(off), uint64(len(data)))
|
||||||
writeChain := make([][]byte, len(blocks))
|
toEncrypt := make([][]byte, len(blocks))
|
||||||
var numOutBytes int
|
|
||||||
for i, b := range blocks {
|
for i, b := range blocks {
|
||||||
blockData := dataBuf.Next(int(b.Length))
|
blockData := dataBuf.Next(int(b.Length))
|
||||||
// Incomplete block -> Read-Modify-Write
|
// Incomplete block -> Read-Modify-Write
|
||||||
if b.IsPartial() {
|
if b.IsPartial() {
|
||||||
// Read
|
// Read
|
||||||
o := b.BlockPlainOff()
|
oldData, status := f.doRead(b.BlockPlainOff(), f.contentEnc.PlainBS())
|
||||||
var oldData []byte
|
|
||||||
oldData, status = f.doRead(o, f.contentEnc.PlainBS())
|
|
||||||
if status != fuse.OK {
|
if status != fuse.OK {
|
||||||
tlog.Warn.Printf("ino%d fh%d: RMW read failed: %s", f.qIno.Ino, f.intFd(), status.String())
|
tlog.Warn.Printf("ino%d fh%d: RMW read failed: %s", f.qIno.Ino, f.intFd(), status.String())
|
||||||
return 0, status
|
return 0, status
|
||||||
|
@ -296,33 +291,26 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) {
|
||||||
blockData = f.contentEnc.MergeBlocks(oldData, blockData, int(b.Skip))
|
blockData = f.contentEnc.MergeBlocks(oldData, blockData, int(b.Skip))
|
||||||
tlog.Debug.Printf("len(oldData)=%d len(blockData)=%d", len(oldData), len(blockData))
|
tlog.Debug.Printf("len(oldData)=%d len(blockData)=%d", len(oldData), len(blockData))
|
||||||
}
|
}
|
||||||
// Encrypt
|
|
||||||
blockData = f.contentEnc.EncryptBlock(blockData, b.BlockNo, fileID)
|
|
||||||
tlog.Debug.Printf("ino%d: Writing %d bytes to block #%d",
|
tlog.Debug.Printf("ino%d: Writing %d bytes to block #%d",
|
||||||
f.qIno.Ino, uint64(len(blockData))-f.contentEnc.BlockOverhead(), b.BlockNo)
|
f.qIno.Ino, uint64(len(blockData))-f.contentEnc.BlockOverhead(), b.BlockNo)
|
||||||
// Store output data in the writeChain
|
// Write into the to-encrypt list
|
||||||
writeChain[i] = blockData
|
toEncrypt[i] = blockData
|
||||||
numOutBytes += len(blockData)
|
|
||||||
}
|
|
||||||
// Concatenenate all elements in the writeChain into one contiguous buffer
|
|
||||||
tmp := make([]byte, numOutBytes)
|
|
||||||
writeBuf := bytes.NewBuffer(tmp[:0])
|
|
||||||
for _, w := range writeChain {
|
|
||||||
writeBuf.Write(w)
|
|
||||||
}
|
}
|
||||||
|
// Encrypt all blocks
|
||||||
|
ciphertext := f.contentEnc.EncryptBlocks(toEncrypt, blocks[0].BlockNo, f.fileTableEntry.ID)
|
||||||
// Preallocate so we cannot run out of space in the middle of the write.
|
// Preallocate so we cannot run out of space in the middle of the write.
|
||||||
// This prevents partially written (=corrupt) blocks.
|
// This prevents partially written (=corrupt) blocks.
|
||||||
var err error
|
var err error
|
||||||
cOff := blocks[0].BlockCipherOff()
|
cOff := int64(blocks[0].BlockCipherOff())
|
||||||
if !f.fs.args.NoPrealloc {
|
if !f.fs.args.NoPrealloc {
|
||||||
err = syscallcompat.EnospcPrealloc(int(f.fd.Fd()), int64(cOff), int64(writeBuf.Len()))
|
err = syscallcompat.EnospcPrealloc(int(f.fd.Fd()), cOff, int64(len(ciphertext)))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Warn.Printf("ino%d fh%d: doWrite: prealloc failed: %s", f.qIno.Ino, f.intFd(), err.Error())
|
tlog.Warn.Printf("ino%d fh%d: doWrite: prealloc failed: %s", f.qIno.Ino, f.intFd(), err.Error())
|
||||||
return 0, fuse.ToStatus(err)
|
return 0, fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Write
|
// Write
|
||||||
_, err = f.fd.WriteAt(writeBuf.Bytes(), int64(cOff))
|
_, err = f.fd.WriteAt(ciphertext, cOff)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Warn.Printf("doWrite: Write failed: %s", err.Error())
|
tlog.Warn.Printf("doWrite: Write failed: %s", err.Error())
|
||||||
return 0, fuse.ToStatus(err)
|
return 0, fuse.ToStatus(err)
|
||||||
|
|
Loading…
Reference in New Issue