68 lines
1.3 KiB
Go
68 lines
1.3 KiB
Go
package cryptfs
|
|
|
|
// CryptFS is the crypto backend of GoCryptFS
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
const (
|
|
DEFAULT_PLAINBS = 4096
|
|
KEY_LEN = 32 // AES-256
|
|
NONCE_LEN = 12
|
|
AUTH_TAG_LEN = 16
|
|
BLOCK_OVERHEAD = NONCE_LEN + AUTH_TAG_LEN
|
|
DIRIV_LEN = 16 // identical to AES block size
|
|
DIRIV_FILENAME = "gocryptfs.diriv"
|
|
)
|
|
|
|
type CryptFS struct {
|
|
blockCipher cipher.Block
|
|
gcm cipher.AEAD
|
|
plainBS uint64
|
|
cipherBS uint64
|
|
// Stores an all-zero block of size cipherBS
|
|
allZeroBlock []byte
|
|
// DirIV cache for filename encryption
|
|
DirIVCacheEnc DirIVCache
|
|
}
|
|
|
|
func NewCryptFS(key []byte, useOpenssl bool, plaintextNames bool) *CryptFS {
|
|
|
|
if len(key) != KEY_LEN {
|
|
panic(fmt.Sprintf("Unsupported key length %d", len(key)))
|
|
}
|
|
|
|
b, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
var gcm cipher.AEAD
|
|
if useOpenssl {
|
|
gcm = opensslGCM{key}
|
|
} else {
|
|
gcm, err = cipher.NewGCM(b)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
}
|
|
|
|
cipherBS := DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN
|
|
|
|
return &CryptFS{
|
|
blockCipher: b,
|
|
gcm: gcm,
|
|
plainBS: DEFAULT_PLAINBS,
|
|
cipherBS: uint64(cipherBS),
|
|
allZeroBlock: make([]byte, cipherBS),
|
|
}
|
|
}
|
|
|
|
// Get plaintext block size
|
|
func (be *CryptFS) PlainBS() uint64 {
|
|
return be.plainBS
|
|
}
|