cryptocore: use eme v1.1 interface

Version 1.1 of the EME package (github.com/rfjakob/eme) added a more convenient interface. Use it. Note that you have to upgrade your EME package (go get -u)!
2017-03-05 13:58:24 +01:00 · 2017-03-05 13:58:24 +01:00 · e032539e2c
commit e032539e2c
parent b2f154a9a9
4 changed files with 16 additions and 14 deletions
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@ -9,6 +9,8 @@ import (
 	"fmt"
 	"log"

+	"github.com/rfjakob/eme"
+
 	"github.com/rfjakob/gocryptfs/internal/siv_aead"
 	"github.com/rfjakob/gocryptfs/internal/stupidgcm"
 )
@ -33,8 +35,8 @@ const (

 // CryptoCore is the low level crypto implementation.
 type CryptoCore struct {
-	// AES-256 block cipher. This is used for EME filename encryption.
-	BlockCipher cipher.Block
+	// EME is used for filename encryption.
+	EMECipher *eme.EMECipher
 	// GCM or AES-SIV. This is used for content encryption.
 	AEADCipher cipher.AEAD
 	// Which backend is behind AEADCipher?
@ -56,12 +58,13 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
 	// We want the IV size in bytes
 	IVLen := IVBitLen / 8

-	// Name encryption always uses built-in Go AES through BlockCipher.
+	// Name encryption always uses built-in Go AES through blockCipher.
 	// Content encryption uses BlockCipher only if useOpenssl=false.
 	blockCipher, err := aes.NewCipher(key)
 	if err != nil {
 		log.Panic(err)
 	}
+	emeCipher := eme.New(blockCipher)

 	var aeadCipher cipher.AEAD
 	switch backend {
@ -90,7 +93,7 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
 	}

 	return &CryptoCore{
-		BlockCipher: blockCipher,
+		EMECipher:   emeCipher,
 		AEADCipher:  aeadCipher,
 		AEADBackend: backend,
 		IVGenerator: &nonceGenerator{nonceLen: IVLen},
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@ -42,7 +42,7 @@ var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
 func NewFS(args Args) *FS {
 	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
 	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
-	nameTransform := nametransform.New(cryptoCore, args.LongNames, args.Raw64)
+	nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)

 	return &FS{
 		FileSystem:    pathfs.NewLoopbackFileSystem(args.Cipherdir),
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@ -59,7 +59,7 @@ func NewFS(args fusefrontend.Args) *ReverseFS {
 	initLongnameCache()
 	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
 	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
-	nameTransform := nametransform.New(cryptoCore, args.LongNames, args.Raw64)
+	nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)

 	return &ReverseFS{
 		// pathfs.defaultFileSystem returns ENOSYS for all operations
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@ -8,13 +8,12 @@ import (

 	"github.com/rfjakob/eme"

-	"github.com/rfjakob/gocryptfs/internal/cryptocore"
 	"github.com/rfjakob/gocryptfs/internal/tlog"
 )

 // NameTransform is used to transform filenames.
 type NameTransform struct {
-	cryptoCore *cryptocore.CryptoCore
+	emeCipher  *eme.EMECipher
 	longNames  bool
 	DirIVCache dirIVCache
 	// b64 = either base64.URLEncoding or base64.RawURLEncoding
@ -22,15 +21,15 @@ type NameTransform struct {
 }

 // New returns a new NameTransform instance.
-func New(c *cryptocore.CryptoCore, longNames bool, raw64 bool) *NameTransform {
+func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
 	b64 := base64.URLEncoding
 	if raw64 {
 		b64 = getRaw64Encoding()
 	}
 	return &NameTransform{
-		cryptoCore: c,
-		longNames:  longNames,
-		b64:        b64,
+		emeCipher: e,
+		longNames: longNames,
+		b64:       b64,
 	}
 }

@ -47,7 +46,7 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
 		tlog.Debug.Printf("DecryptName %q: decoded length %d is not a multiple of 16", cipherName, len(bin))
 		return "", syscall.EINVAL
 	}
-	bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionDecrypt)
+	bin = n.emeCipher.Decrypt(iv, bin)
 	bin, err = unPad16(bin)
 	if err != nil {
 		tlog.Debug.Printf("pad16 error detail: %v", err)
@ -69,7 +68,7 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
 func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) {
 	bin := []byte(plainName)
 	bin = pad16(bin)
-	bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionEncrypt)
+	bin = n.emeCipher.Encrypt(iv, bin)
 	cipherName64 = n.b64.EncodeToString(bin)
 	return cipherName64
 }