crypt

package
v1.52.3-0...-16af9ab Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 26, 2020 License: MIT Imports: 26 Imported by: 0

Documentation

Overview

Package crypt provides wrappers for Fs and Object which implement encryption

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrorBadDecryptUTF8          = errors.New("bad decryption - utf-8 invalid")
	ErrorBadDecryptControlChar   = errors.New("bad decryption - contains control chars")
	ErrorNotAMultipleOfBlocksize = errors.New("not a multiple of blocksize")
	ErrorTooShortAfterDecode     = errors.New("too short after base32 decode")
	ErrorTooLongAfterDecode      = errors.New("too long after base32 decode")
	ErrorEncryptedFileTooShort   = errors.New("file is too short to be encrypted")
	ErrorEncryptedFileBadHeader  = errors.New("file has truncated block header")
	ErrorEncryptedBadMagic       = errors.New("not an encrypted file - bad magic string")
	ErrorEncryptedBadBlock       = errors.New("failed to authenticate decrypted block - bad password?")
	ErrorBadBase32Encoding       = errors.New("bad base32 filename encoding")
	ErrorFileClosed              = errors.New("file already closed")
	ErrorNotAnEncryptedFile      = errors.New("not an encrypted file - no \"" + encryptedSuffix + "\" suffix")
	ErrorBadSeek                 = errors.New("Seek beyond end of file")
)

Errors returned by cipher

Functions

func NewFs

func NewFs(name, rpath string, m configmap.Mapper) (fs.Fs, error)

NewFs constructs an Fs from the path, container:path

Types

type Cipher

type Cipher struct {
	// contains filtered or unexported fields
}

Cipher defines an encoding and decoding cipher for the crypt backend

func NewCipher

func NewCipher(m configmap.Mapper) (*Cipher, error)

NewCipher constructs a Cipher for the given config

func (*Cipher) DecryptData

func (c *Cipher) DecryptData(rc io.ReadCloser) (io.ReadCloser, error)

DecryptData decrypts the data stream

func (*Cipher) DecryptDataSeek

func (c *Cipher) DecryptDataSeek(ctx context.Context, open OpenRangeSeek, offset, limit int64) (ReadSeekCloser, error)

DecryptDataSeek decrypts the data stream from offset

The open function must return a ReadCloser opened to the offset supplied

You must use this form of DecryptData if you might want to Seek the file handle

func (*Cipher) DecryptDirName

func (c *Cipher) DecryptDirName(in string) (string, error)

DecryptDirName decrypts a directory path

func (*Cipher) DecryptFileName

func (c *Cipher) DecryptFileName(in string) (string, error)

DecryptFileName decrypts a file path

func (*Cipher) DecryptedSize

func (c *Cipher) DecryptedSize(size int64) (int64, error)

DecryptedSize calculates the size of the data when decrypted

func (*Cipher) EncryptData

func (c *Cipher) EncryptData(in io.Reader) (io.Reader, error)

EncryptData encrypts the data stream

func (*Cipher) EncryptDirName

func (c *Cipher) EncryptDirName(in string) string

EncryptDirName encrypts a directory path

func (*Cipher) EncryptFileName

func (c *Cipher) EncryptFileName(in string) string

EncryptFileName encrypts a file path

func (*Cipher) EncryptedSize

func (c *Cipher) EncryptedSize(size int64) int64

EncryptedSize calculates the size of the data when encrypted

func (*Cipher) Key

func (c *Cipher) Key(password, salt string) (err error)

Key creates all the internal keys from the password passed in using scrypt.

If salt is "" we use a fixed salt just to make attackers lives slighty harder than using no salt.

Note that empty passsword makes all 0x00 keys which is used in the tests.

func (*Cipher) NameEncryptionMode

func (c *Cipher) NameEncryptionMode() NameEncryptionMode

NameEncryptionMode returns the encryption mode in use for names

type Fs

type Fs struct {
	fs.Fs
	// contains filtered or unexported fields
}

Fs represents a wrapped fs.Fs

func (*Fs) About

func (f *Fs) About(ctx context.Context) (*fs.Usage, error)

About gets quota information from the Fs

func (*Fs) ChangeNotify

func (f *Fs) ChangeNotify(ctx context.Context, notifyFunc func(string, fs.EntryType), pollIntervalChan <-chan time.Duration)

ChangeNotify calls the passed function with a path that has had changes. If the implementation uses polling, it should adhere to the given interval.

func (*Fs) CleanUp

func (f *Fs) CleanUp(ctx context.Context) error

CleanUp the trash in the Fs

Implement this if you have a way of emptying the trash or otherwise cleaning up old versions of files.

func (*Fs) Command

func (f *Fs) Command(ctx context.Context, name string, arg []string, opt map[string]string) (out interface{}, err error)

Command the backend to run a named command

The command run is name args may be used to read arguments from opts may be used to read optional arguments from

The result should be capable of being JSON encoded If it is a string or a []string it will be shown to the user otherwise it will be JSON encoded and shown to the user like that

func (*Fs) ComputeHash

func (f *Fs) ComputeHash(ctx context.Context, o *Object, src fs.Object, hashType hash.Type) (hashStr string, err error)

ComputeHash takes the nonce from o, and encrypts the contents of src with it, and calculates the hash given by HashType on the fly

Note that we break lots of encapsulation in this function.

func (*Fs) Copy

func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error)

Copy src to this remote using server side copy operations.

This is stored with the remote path given

It returns the destination Object and a possible error

Will only be called if src.Fs().Name() == f.Name()

If it isn't possible then return fs.ErrorCantCopy

func (*Fs) DecryptFileName

func (f *Fs) DecryptFileName(encryptedFileName string) (string, error)

DecryptFileName returns a decrypted file name

func (*Fs) DirCacheFlush

func (f *Fs) DirCacheFlush()

DirCacheFlush resets the directory cache - used in testing as an optional interface

func (*Fs) DirMove

func (f *Fs) DirMove(ctx context.Context, src fs.Fs, srcRemote, dstRemote string) error

DirMove moves src, srcRemote to this remote at dstRemote using server side move operations.

Will only be called if src.Fs().Name() == f.Name()

If it isn't possible then return fs.ErrorCantDirMove

If destination exists then return fs.ErrorDirExists

func (*Fs) Disconnect

func (f *Fs) Disconnect(ctx context.Context) error

Disconnect the current user

func (*Fs) EncryptFileName

func (f *Fs) EncryptFileName(fileName string) string

EncryptFileName returns an encrypted file name

func (*Fs) Features

func (f *Fs) Features() *fs.Features

Features returns the optional features of this Fs

func (*Fs) Hashes

func (f *Fs) Hashes() hash.Set

Hashes returns the supported hash sets.

func (*Fs) List

func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err error)

List the objects and directories in dir into entries. The entries can be returned in any order but should be for a complete directory.

dir should be "" to list the root, and should not have trailing slashes.

This should return ErrDirNotFound if the directory isn't found.

func (*Fs) ListR

func (f *Fs) ListR(ctx context.Context, dir string, callback fs.ListRCallback) (err error)

ListR lists the objects and directories of the Fs starting from dir recursively into out.

dir should be "" to start from the root, and should not have trailing slashes.

This should return ErrDirNotFound if the directory isn't found.

It should call callback for each tranche of entries read. These need not be returned in any particular order. If callback returns an error then the listing will stop immediately.

Don't implement this unless you have a more efficient way of listing recursively that doing a directory traversal.

func (*Fs) MergeDirs

func (f *Fs) MergeDirs(ctx context.Context, dirs []fs.Directory) error

MergeDirs merges the contents of all the directories passed in into the first one and rmdirs the other directories.

func (*Fs) Mkdir

func (f *Fs) Mkdir(ctx context.Context, dir string) error

Mkdir makes the directory (container, bucket)

Shouldn't return an error if it already exists

func (*Fs) Move

func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (fs.Object, error)

Move src to this remote using server side move operations.

This is stored with the remote path given

It returns the destination Object and a possible error

Will only be called if src.Fs().Name() == f.Name()

If it isn't possible then return fs.ErrorCantMove

func (*Fs) Name

func (f *Fs) Name() string

Name of the remote (as passed into NewFs)

func (*Fs) NewObject

func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error)

NewObject finds the Object at remote.

func (f *Fs) PublicLink(ctx context.Context, remote string) (string, error)

PublicLink generates a public link to the remote path (usually readable by anyone)

func (*Fs) Purge

func (f *Fs) Purge(ctx context.Context) error

Purge all files in the root and the root directory

Implement this if you have a way of deleting all the files quicker than just running Remove() on the result of List()

Return an error if it doesn't exist

func (*Fs) Put

func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error)

Put in to the remote path with the modTime given of the given size

May create the object even if it returns an error - if so will return the object and the error, otherwise will return nil and the error

func (*Fs) PutStream

func (f *Fs) PutStream(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error)

PutStream uploads to the remote path with the modTime given of indeterminate size

func (*Fs) PutUnchecked

func (f *Fs) PutUnchecked(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error)

PutUnchecked uploads the object

This will create a duplicate if we upload a new file without checking to see if there is one already - use Put() for that.

func (*Fs) Rmdir

func (f *Fs) Rmdir(ctx context.Context, dir string) error

Rmdir removes the directory (container, bucket) if empty

Return an error if it doesn't exist or isn't empty

func (*Fs) Root

func (f *Fs) Root() string

Root of the remote (as passed into NewFs)

func (*Fs) SetWrapper

func (f *Fs) SetWrapper(wrapper fs.Fs)

SetWrapper sets the Fs that is wrapping this Fs

func (*Fs) String

func (f *Fs) String() string

String returns a description of the FS

func (*Fs) UnWrap

func (f *Fs) UnWrap() fs.Fs

UnWrap returns the Fs that this Fs is wrapping

func (*Fs) UserInfo

func (f *Fs) UserInfo(ctx context.Context) (map[string]string, error)

UserInfo returns info about the connected user

func (*Fs) WrapFs

func (f *Fs) WrapFs() fs.Fs

WrapFs returns the Fs that is wrapping this Fs

type NameEncryptionMode

type NameEncryptionMode int

NameEncryptionMode is the type of file name encryption in use

const (
	NameEncryptionOff NameEncryptionMode = iota
	NameEncryptionStandard
	NameEncryptionObfuscated
)

NameEncryptionMode levels

func NewNameEncryptionMode

func NewNameEncryptionMode(s string) (mode NameEncryptionMode, err error)

NewNameEncryptionMode turns a string into a NameEncryptionMode

func (NameEncryptionMode) String

func (mode NameEncryptionMode) String() (out string)

String turns mode into a human readable string

type Object

type Object struct {
	fs.Object
	// contains filtered or unexported fields
}

Object describes a wrapped for being read from the Fs

This decrypts the remote name and decrypts the data

func (*Object) Fs

func (o *Object) Fs() fs.Info

Fs returns read only access to the Fs that this object is part of

func (*Object) GetTier

func (o *Object) GetTier() string

GetTier returns storage tier or class of the Object

func (*Object) Hash

func (o *Object) Hash(ctx context.Context, ht hash.Type) (string, error)

Hash returns the selected checksum of the file If no checksum is available it returns ""

func (*Object) ID

func (o *Object) ID() string

ID returns the ID of the Object if known, or "" if not

func (*Object) Open

func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (rc io.ReadCloser, err error)

Open opens the file for read. Call Close() on the returned io.ReadCloser

func (*Object) Remote

func (o *Object) Remote() string

Remote returns the remote path

func (*Object) SetTier

func (o *Object) SetTier(tier string) error

SetTier performs changing storage tier of the Object if multiple storage classes supported

func (*Object) Size

func (o *Object) Size() int64

Size returns the size of the file

func (*Object) String

func (o *Object) String() string

Return a string version

func (*Object) UnWrap

func (o *Object) UnWrap() fs.Object

UnWrap returns the wrapped Object

func (*Object) Update

func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) error

Update in to the object with the modTime given of the given size

type ObjectInfo

type ObjectInfo struct {
	fs.ObjectInfo
	// contains filtered or unexported fields
}

ObjectInfo describes a wrapped fs.ObjectInfo for being the source

This encrypts the remote name and adjusts the size

func (*ObjectInfo) Fs

func (o *ObjectInfo) Fs() fs.Info

Fs returns read only access to the Fs that this object is part of

func (*ObjectInfo) Hash

func (o *ObjectInfo) Hash(ctx context.Context, hash hash.Type) (string, error)

Hash returns the selected checksum of the file If no checksum is available it returns ""

func (*ObjectInfo) Remote

func (o *ObjectInfo) Remote() string

Remote returns the remote path

func (*ObjectInfo) Size

func (o *ObjectInfo) Size() int64

Size returns the size of the file

type OpenRangeSeek

type OpenRangeSeek func(ctx context.Context, offset, limit int64) (io.ReadCloser, error)

OpenRangeSeek opens the file handle at the offset with the limit given

type Options

type Options struct {
	Remote                  string `config:"remote"`
	FilenameEncryption      string `config:"filename_encryption"`
	DirectoryNameEncryption bool   `config:"directory_name_encryption"`
	Password                string `config:"password"`
	Password2               string `config:"password2"`
	ShowMapping             bool   `config:"show_mapping"`
}

Options defines the configuration for this backend

type ReadSeekCloser

type ReadSeekCloser interface {
	io.Reader
	io.Seeker
	io.Closer
	fs.RangeSeeker
}

ReadSeekCloser is the interface of the read handles

Directories

Path Synopsis
Package pkcs7 implements PKCS#7 padding This is a standard way of encoding variable length buffers into buffers which are a multiple of an underlying crypto block size.
Package pkcs7 implements PKCS#7 padding This is a standard way of encoding variable length buffers into buffers which are a multiple of an underlying crypto block size.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL