2b8cbd9441
"git status" for reference: deleted: cryptfs/cryptfs.go deleted: cryptfs/names_core.go modified: integration_tests/cli_test.go modified: integration_tests/helpers.go renamed: cryptfs/config_file.go -> internal/configfile/config_file.go renamed: cryptfs/config_test.go -> internal/configfile/config_test.go renamed: cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore renamed: cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf renamed: cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf renamed: cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf renamed: cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf renamed: cryptfs/kdf.go -> internal/configfile/kdf.go renamed: cryptfs/kdf_test.go -> internal/configfile/kdf_test.go renamed: cryptfs/cryptfs_content.go -> internal/contentenc/content.go new file: internal/contentenc/content_api.go renamed: cryptfs/content_test.go -> internal/contentenc/content_test.go renamed: cryptfs/file_header.go -> internal/contentenc/file_header.go renamed: cryptfs/intrablock.go -> internal/contentenc/intrablock.go renamed: cryptfs/address_translation.go -> internal/contentenc/offsets.go new file: internal/cryptocore/crypto_api.go renamed: cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go renamed: cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go renamed: cryptfs/nonce.go -> internal/cryptocore/nonce.go renamed: cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go renamed: cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash renamed: cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go new file: internal/nametransform/name_api.go new file: internal/nametransform/names_core.go renamed: cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go renamed: cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go renamed: cryptfs/names_test.go -> internal/nametransform/names_test.go new file: internal/nametransform/pad16.go renamed: cryptfs/log.go -> internal/toggledlog/log.go renamed: cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go renamed: cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go modified: main.go modified: masterkey.go modified: pathfs_frontend/file.go modified: pathfs_frontend/file_holes.go modified: pathfs_frontend/fs.go modified: pathfs_frontend/fs_dir.go modified: pathfs_frontend/names.go modified: test.bash
101 lines
2.2 KiB
Go
101 lines
2.2 KiB
Go
package cryptocore
|
|
|
|
// Implements cipher.AEAD with OpenSSL backend
|
|
|
|
import (
|
|
"bytes"
|
|
"github.com/spacemonkeygo/openssl"
|
|
)
|
|
|
|
// Supports all nonce sizes
|
|
type opensslGCM struct {
|
|
key []byte
|
|
}
|
|
|
|
func (be opensslGCM) Overhead() int {
|
|
return AuthTagLen
|
|
}
|
|
|
|
func (be opensslGCM) NonceSize() int {
|
|
// We support any nonce size
|
|
return -1
|
|
}
|
|
|
|
// Seal encrypts and authenticates plaintext, authenticates the
|
|
// additional data and appends the result to dst, returning the updated
|
|
// slice. opensslGCM supports any nonce size.
|
|
func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
|
|
|
|
// Preallocate output buffer
|
|
var cipherBuf bytes.Buffer
|
|
cipherBuf.Grow(len(dst) + len(plaintext) + AuthTagLen)
|
|
// Output will be appended to dst
|
|
cipherBuf.Write(dst)
|
|
|
|
ectx, err := openssl.NewGCMEncryptionCipherCtx(KeyLen*8, nil, be.key, nonce)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
err = ectx.ExtraData(data)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
part, err := ectx.EncryptUpdate(plaintext)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
cipherBuf.Write(part)
|
|
part, err = ectx.EncryptFinal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
cipherBuf.Write(part)
|
|
part, err = ectx.GetTag()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
cipherBuf.Write(part)
|
|
|
|
return cipherBuf.Bytes()
|
|
}
|
|
|
|
// Open decrypts and authenticates ciphertext, authenticates the
|
|
// additional data and, if successful, appends the resulting plaintext
|
|
// to dst, returning the updated slice. The nonce must be NonceSize()
|
|
// bytes long and both it and the additional data must match the
|
|
// value passed to Seal.
|
|
//
|
|
// The ciphertext and dst may alias exactly or not at all.
|
|
func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
|
|
|
|
l := len(ciphertext)
|
|
tag := ciphertext[l-AuthTagLen : l]
|
|
ciphertext = ciphertext[0 : l-AuthTagLen]
|
|
plainBuf := bytes.NewBuffer(dst)
|
|
|
|
dctx, err := openssl.NewGCMDecryptionCipherCtx(KeyLen*8, nil, be.key, nonce)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = dctx.ExtraData(data)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
part, err := dctx.DecryptUpdate(ciphertext)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
plainBuf.Write(part)
|
|
err = dctx.SetTag(tag)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
part, err = dctx.DecryptFinal()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
plainBuf.Write(part)
|
|
|
|
return plainBuf.Bytes(), nil
|
|
}
|