cryptocore: use eme v1.1 interface

Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.

Note that you have to upgrade your EME package (go get -u)!
This commit is contained in:
Jakob Unterwurzacher 2017-03-05 13:58:24 +01:00
parent b2f154a9a9
commit e032539e2c
4 changed files with 16 additions and 14 deletions

View File

@ -9,6 +9,8 @@ import (
"fmt"
"log"
"github.com/rfjakob/eme"
"github.com/rfjakob/gocryptfs/internal/siv_aead"
"github.com/rfjakob/gocryptfs/internal/stupidgcm"
)
@ -33,8 +35,8 @@ const (
// CryptoCore is the low level crypto implementation.
type CryptoCore struct {
// AES-256 block cipher. This is used for EME filename encryption.
BlockCipher cipher.Block
// EME is used for filename encryption.
EMECipher *eme.EMECipher
// GCM or AES-SIV. This is used for content encryption.
AEADCipher cipher.AEAD
// Which backend is behind AEADCipher?
@ -56,12 +58,13 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
// We want the IV size in bytes
IVLen := IVBitLen / 8
// Name encryption always uses built-in Go AES through BlockCipher.
// Name encryption always uses built-in Go AES through blockCipher.
// Content encryption uses BlockCipher only if useOpenssl=false.
blockCipher, err := aes.NewCipher(key)
if err != nil {
log.Panic(err)
}
emeCipher := eme.New(blockCipher)
var aeadCipher cipher.AEAD
switch backend {
@ -90,7 +93,7 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
}
return &CryptoCore{
BlockCipher: blockCipher,
EMECipher: emeCipher,
AEADCipher: aeadCipher,
AEADBackend: backend,
IVGenerator: &nonceGenerator{nonceLen: IVLen},

View File

@ -42,7 +42,7 @@ var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
func NewFS(args Args) *FS {
cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
nameTransform := nametransform.New(cryptoCore, args.LongNames, args.Raw64)
nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
return &FS{
FileSystem: pathfs.NewLoopbackFileSystem(args.Cipherdir),

View File

@ -59,7 +59,7 @@ func NewFS(args fusefrontend.Args) *ReverseFS {
initLongnameCache()
cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
nameTransform := nametransform.New(cryptoCore, args.LongNames, args.Raw64)
nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
return &ReverseFS{
// pathfs.defaultFileSystem returns ENOSYS for all operations

View File

@ -8,13 +8,12 @@ import (
"github.com/rfjakob/eme"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
// NameTransform is used to transform filenames.
type NameTransform struct {
cryptoCore *cryptocore.CryptoCore
emeCipher *eme.EMECipher
longNames bool
DirIVCache dirIVCache
// b64 = either base64.URLEncoding or base64.RawURLEncoding
@ -22,15 +21,15 @@ type NameTransform struct {
}
// New returns a new NameTransform instance.
func New(c *cryptocore.CryptoCore, longNames bool, raw64 bool) *NameTransform {
func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
b64 := base64.URLEncoding
if raw64 {
b64 = getRaw64Encoding()
}
return &NameTransform{
cryptoCore: c,
longNames: longNames,
b64: b64,
emeCipher: e,
longNames: longNames,
b64: b64,
}
}
@ -47,7 +46,7 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
tlog.Debug.Printf("DecryptName %q: decoded length %d is not a multiple of 16", cipherName, len(bin))
return "", syscall.EINVAL
}
bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionDecrypt)
bin = n.emeCipher.Decrypt(iv, bin)
bin, err = unPad16(bin)
if err != nil {
tlog.Debug.Printf("pad16 error detail: %v", err)
@ -69,7 +68,7 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) {
bin := []byte(plainName)
bin = pad16(bin)
bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionEncrypt)
bin = n.emeCipher.Encrypt(iv, bin)
cipherName64 = n.b64.EncodeToString(bin)
return cipherName64
}