cryptocore: use eme v1.1 interface
Version 1.1 of the EME package (github.com/rfjakob/eme) added a more convenient interface. Use it. Note that you have to upgrade your EME package (go get -u)!
parent
b2f154a9a9
commit
e032539e2c
@ -9,6 +9,8 @@ import (
|
||||
"fmt"
|
||||
"log"
|
||||
|
||||
"github.com/rfjakob/eme"
|
||||
|
||||
"github.com/rfjakob/gocryptfs/internal/siv_aead"
|
||||
"github.com/rfjakob/gocryptfs/internal/stupidgcm"
|
||||
)
|
||||
@ -33,8 +35,8 @@ const (
|
||||
|
||||
// CryptoCore is the low level crypto implementation.
|
||||
type CryptoCore struct {
|
||||
// AES-256 block cipher. This is used for EME filename encryption.
|
||||
BlockCipher cipher.Block
|
||||
// EME is used for filename encryption.
|
||||
EMECipher *eme.EMECipher
|
||||
// GCM or AES-SIV. This is used for content encryption.
|
||||
AEADCipher cipher.AEAD
|
||||
// Which backend is behind AEADCipher?
|
||||
@ -56,12 +58,13 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
|
||||
// We want the IV size in bytes
|
||||
IVLen := IVBitLen / 8
|
||||
|
||||
// Name encryption always uses built-in Go AES through BlockCipher.
|
||||
// Name encryption always uses built-in Go AES through blockCipher.
|
||||
// Content encryption uses BlockCipher only if useOpenssl=false.
|
||||
blockCipher, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
log.Panic(err)
|
||||
}
|
||||
emeCipher := eme.New(blockCipher)
|
||||
|
||||
var aeadCipher cipher.AEAD
|
||||
switch backend {
|
||||
@ -90,7 +93,7 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
|
||||
}
|
||||
|
||||
return &CryptoCore{
|
||||
BlockCipher: blockCipher,
|
||||
EMECipher: emeCipher,
|
||||
AEADCipher: aeadCipher,
|
||||
AEADBackend: backend,
|
||||
IVGenerator: &nonceGenerator{nonceLen: IVLen},
|
||||
|
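Review bot: The comment kept in New, `// Content encryption uses BlockCipher only if useOpenssl=false.`, is stale on the new side: judging by the hunk counts, the exported BlockCipher field is removed from CryptoCore, and the signature takes `backend BackendTypeEnum`, not a useOpenssl flag. Reword it to name the local variable, e.g. `// Content encryption may reuse blockCipher, depending on backend.`; the switch that decides this is outside the hunk. The replaced field comment was also the only visible place that said AES-256, while `aes.NewCipher(key)` accepts 16-, 24- and 32-byte keys. Consider stating the expected key length on the new field (`// EME is used for filename encryption (AES-256 key).`) or checking `len(key)` before the call if no caller already does.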
@ -42,7 +42,7 @@ var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
|
||||
func NewFS(args Args) *FS {
|
||||
cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
|
||||
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
|
||||
nameTransform := nametransform.New(cryptoCore, args.LongNames, args.Raw64)
|
||||
nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
|
||||
|
||||
return &FS{
|
||||
FileSystem: pathfs.NewLoopbackFileSystem(args.Cipherdir),
|
||||
|
@ -59,7 +59,7 @@ func NewFS(args fusefrontend.Args) *ReverseFS {
|
||||
initLongnameCache()
|
||||
cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
|
||||
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
|
||||
nameTransform := nametransform.New(cryptoCore, args.LongNames, args.Raw64)
|
||||
nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
|
||||
|
||||
return &ReverseFS{
|
||||
// pathfs.defaultFileSystem returns ENOSYS for all operations
|
||||
|
@ -8,13 +8,12 @@ import (
|
||||
|
||||
"github.com/rfjakob/eme"
|
||||
|
||||
"github.com/rfjakob/gocryptfs/internal/cryptocore"
|
||||
"github.com/rfjakob/gocryptfs/internal/tlog"
|
||||
)
|
||||
|
||||
// NameTransform is used to transform filenames.
|
||||
type NameTransform struct {
|
||||
cryptoCore *cryptocore.CryptoCore
|
||||
emeCipher *eme.EMECipher
|
||||
longNames bool
|
||||
DirIVCache dirIVCache
|
||||
// b64 = either base64.URLEncoding or base64.RawURLEncoding
|
||||
@ -22,15 +21,15 @@ type NameTransform struct {
|
||||
}
|
||||
|
||||
// New returns a new NameTransform instance.
|
||||
func New(c *cryptocore.CryptoCore, longNames bool, raw64 bool) *NameTransform {
|
||||
func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
|
||||
b64 := base64.URLEncoding
|
||||
if raw64 {
|
||||
b64 = getRaw64Encoding()
|
||||
}
|
||||
return &NameTransform{
|
||||
cryptoCore: c,
|
||||
longNames: longNames,
|
||||
b64: b64,
|
||||
emeCipher: e,
|
||||
longNames: longNames,
|
||||
b64: b64,
|
||||
}
|
||||
}
|
||||
|
||||
@ -47,7 +46,7 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
|
||||
tlog.Debug.Printf("DecryptName %q: decoded length %d is not a multiple of 16", cipherName, len(bin))
|
||||
return "", syscall.EINVAL
|
||||
}
|
||||
bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionDecrypt)
|
||||
bin = n.emeCipher.Decrypt(iv, bin)
|
||||
bin, err = unPad16(bin)
|
||||
if err != nil {
|
||||
tlog.Debug.Printf("pad16 error detail: %v", err)
|
||||
@ -69,7 +68,7 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
|
||||
func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) {
|
||||
bin := []byte(plainName)
|
||||
bin = pad16(bin)
|
||||
bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionEncrypt)
|
||||
bin = n.emeCipher.Encrypt(iv, bin)
|
||||
cipherName64 = n.b64.EncodeToString(bin)
|
||||
return cipherName64
|
||||
}
|
||||
|
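Review bot: DecryptName now calls `n.emeCipher.Decrypt(iv, bin)` after a guard that, as far as this hunk shows, only rejects lengths that are not a multiple of 16, so an empty decoded name (length 0) or an `iv` that is not 16 bytes still reaches EME. As I read the eme package, it panics on such input instead of returning an error, and cipherName presumably comes from the on-disk ciphertext directory, so one malformed entry could take down the mount. Suggest widening the guard to `if len(bin) == 0 || len(bin)%16 != 0 {` and rejecting `len(iv) != 16` with the same `syscall.EINVAL` return. The start of DecryptName is outside the hunk, so confirm that no earlier check already covers this. New also stores `e` without a nil check; a doc line such as `// e must be non-nil; it is used by every EncryptName and DecryptName call.` would make the contract explicit.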