crypt

package
v0.0.0-...-1dc401f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 27, 2024 License: MIT Imports: 31 Imported by: 0

Documentation

Overview

Package crypt provides wrappers for Fs and Object which implement encryption

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrorBadDecryptUTF8          = errors.New("bad decryption - utf-8 invalid")
	ErrorBadDecryptControlChar   = errors.New("bad decryption - contains control chars")
	ErrorNotAMultipleOfBlocksize = errors.New("not a multiple of blocksize")
	ErrorTooShortAfterDecode     = errors.New("too short after base32 decode")
	ErrorTooLongAfterDecode      = errors.New("too long after base32 decode")
	ErrorEncryptedFileTooShort   = errors.New("file is too short to be encrypted")
	ErrorEncryptedFileBadHeader  = errors.New("file has truncated block header")
	ErrorEncryptedBadMagic       = errors.New("not an encrypted file - bad magic string")
	ErrorEncryptedBadBlock       = errors.New("failed to authenticate decrypted block - bad password?")
	ErrorBadBase32Encoding       = errors.New("bad base32 filename encoding")
	ErrorFileClosed              = errors.New("file already closed")
	ErrorNotAnEncryptedFile      = errors.New("not an encrypted file - does not match suffix")
	ErrorBadSeek                 = errors.New("Seek beyond end of file")
	ErrorSuffixMissingDot        = errors.New("suffix config setting should include a '.'")
)

Errors returned by cipher

Functions

func NewFs 

func NewFs(ctx context.Context, name, rpath string, m configmap.Mapper) (fs.Fs, error)

NewFs constructs an Fs from the path, container:path

func NewNameEncoding 

func NewNameEncoding(s string) (enc fileNameEncoding, err error)

NewNameEncoding creates a NameEncoding from a string

Types

type Cipher 

type Cipher struct {
	// contains filtered or unexported fields
}

Cipher defines an encoding and decoding cipher for the crypt backend

func NewCipher 

func NewCipher(m configmap.Mapper) (*Cipher, error)

NewCipher constructs a Cipher for the given config

func (*Cipher) DecryptData 

func (c *Cipher) DecryptData(rc io.ReadCloser) (io.ReadCloser, error)

DecryptData decrypts the data stream

func (*Cipher) DecryptDataSeek 

func (c *Cipher) DecryptDataSeek(ctx context.Context, open OpenRangeSeek, offset, limit int64) (ReadSeekCloser, error)

DecryptDataSeek decrypts the data stream from offset

The open function must return a ReadCloser opened to the offset supplied.

You must use this form of DecryptData if you might want to Seek the file handle

func (*Cipher) DecryptDirName 

func (c *Cipher) DecryptDirName(in string) (string, error)

DecryptDirName decrypts a directory path

func (*Cipher) DecryptFileName 

func (c *Cipher) DecryptFileName(in string) (string, error)

DecryptFileName decrypts a file path

func (*Cipher) DecryptedSize 

func (c *Cipher) DecryptedSize(size int64) (int64, error)

DecryptedSize calculates the size of the data when decrypted

func (*Cipher) EncryptData 

func (c *Cipher) EncryptData(in io.Reader) (io.Reader, error)

EncryptData encrypts the data stream

func (*Cipher) EncryptDirName 

func (c *Cipher) EncryptDirName(in string) string

EncryptDirName encrypts a directory path

func (*Cipher) EncryptFileName 

func (c *Cipher) EncryptFileName(in string) string

EncryptFileName encrypts a file path

func (*Cipher) EncryptedSize 

func (c *Cipher) EncryptedSize(size int64) int64

EncryptedSize calculates the size of the data when encrypted

func (*Cipher) Key 

func (c *Cipher) Key(password, salt string) (err error)

Key creates all the internal keys from the password passed in using scrypt.

If salt is "" we use a fixed salt just to make attackers lives slightly harder than using no salt.

Note that empty password makes all 0x00 keys which is used in the tests.

func (*Cipher) NameEncryptionMode 

func (c *Cipher) NameEncryptionMode() NameEncryptionMode

NameEncryptionMode returns the encryption mode in use for names

type Fs 

type Fs struct {
	fs.Fs
	// contains filtered or unexported fields
}

Fs represents a wrapped fs.Fs

func (*Fs) About 

func (f *Fs) About(ctx context.Context) (*fs.Usage, error)

About gets quota information from the Fs

func (*Fs) ChangeNotify 

func (f *Fs) ChangeNotify(ctx context.Context, notifyFunc func(string, fs.EntryType), pollIntervalChan <-chan time.Duration)

ChangeNotify calls the passed function with a path that has had changes. If the implementation uses polling, it should adhere to the given interval.

func (*Fs) CleanUp 

func (f *Fs) CleanUp(ctx context.Context) error

CleanUp the trash in the Fs

Implement this if you have a way of emptying the trash or otherwise cleaning up old versions of files.

func (*Fs) Command 

func (f *Fs) Command(ctx context.Context, name string, arg []string, opt map[string]string) (out interface{}, err error)

Command the backend to run a named command

The command run is name args may be used to read arguments from opts may be used to read optional arguments from

The result should be capable of being JSON encoded If it is a string or a []string it will be shown to the user otherwise it will be JSON encoded and shown to the user like that

func (*Fs) ComputeHash 

func (f *Fs) ComputeHash(ctx context.Context, o *Object, src fs.Object, hashType hash.Type) (hashStr string, err error)

ComputeHash takes the nonce from o, and encrypts the contents of src with it, and calculates the hash given by HashType on the fly

Note that we break lots of encapsulation in this function.

func (*Fs) Copy 

func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error)

Copy src to this remote using server-side copy operations.

This is stored with the remote path given.

It returns the destination Object and a possible error.

Will only be called if src.Fs().Name() == f.Name()

If it isn't possible then return fs.ErrorCantCopy

func (*Fs) DecryptFileName 

func (f *Fs) DecryptFileName(encryptedFileName string) (string, error)

DecryptFileName returns a decrypted file name

func (*Fs) DirCacheFlush 

func (f *Fs) DirCacheFlush()

DirCacheFlush resets the directory cache - used in testing as an optional interface

func (*Fs) DirMove 

func (f *Fs) DirMove(ctx context.Context, src fs.Fs, srcRemote, dstRemote string) error

DirMove moves src, srcRemote to this remote at dstRemote using server-side move operations.

Will only be called if src.Fs().Name() == f.Name()

If it isn't possible then return fs.ErrorCantDirMove

If destination exists then return fs.ErrorDirExists

func (*Fs) DirSetModTime 

func (f *Fs) DirSetModTime(ctx context.Context, dir string, modTime time.Time) error

DirSetModTime sets the directory modtime for dir

func (*Fs) Disconnect 

func (f *Fs) Disconnect(ctx context.Context) error

Disconnect the current user

func (*Fs) EncryptFileName 

func (f *Fs) EncryptFileName(fileName string) string

EncryptFileName returns an encrypted file name

func (*Fs) Features 

func (f *Fs) Features() *fs.Features

Features returns the optional features of this Fs

func (*Fs) Hashes 

func (f *Fs) Hashes() hash.Set

Hashes returns the supported hash sets.

func (*Fs) List 

func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err error)

List the objects and directories in dir into entries. The entries can be returned in any order but should be for a complete directory.

dir should be "" to list the root, and should not have trailing slashes.

This should return ErrDirNotFound if the directory isn't found.

func (*Fs) ListR 

func (f *Fs) ListR(ctx context.Context, dir string, callback fs.ListRCallback) (err error)

ListR lists the objects and directories of the Fs starting from dir recursively into out.

dir should be "" to start from the root, and should not have trailing slashes.

This should return ErrDirNotFound if the directory isn't found.

It should call callback for each tranche of entries read. These need not be returned in any particular order. If callback returns an error then the listing will stop immediately.

Don't implement this unless you have a more efficient way of listing recursively that doing a directory traversal.

func (*Fs) MergeDirs 

func (f *Fs) MergeDirs(ctx context.Context, dirs []fs.Directory) error

MergeDirs merges the contents of all the directories passed in into the first one and rmdirs the other directories.

func (*Fs) Mkdir 

func (f *Fs) Mkdir(ctx context.Context, dir string) error

Mkdir makes the directory (container, bucket)

Shouldn't return an error if it already exists

func (*Fs) MkdirMetadata 

func (f *Fs) MkdirMetadata(ctx context.Context, dir string, metadata fs.Metadata) (fs.Directory, error)

MkdirMetadata makes the root directory of the Fs object

func (*Fs) Move 

func (f *Fs) Move(ctx context.Context, src fs.Object, remote string) (fs.Object, error)

Move src to this remote using server-side move operations.

This is stored with the remote path given.

It returns the destination Object and a possible error.

Will only be called if src.Fs().Name() == f.Name()

If it isn't possible then return fs.ErrorCantMove

func (*Fs) Name 

func (f *Fs) Name() string

Name of the remote (as passed into NewFs)

func (*Fs) NewObject 

func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error)

NewObject finds the Object at remote. 

func (f *Fs) PublicLink(ctx context.Context, remote string, expire fs.Duration, unlink bool) (string, error)

PublicLink generates a public link to the remote path (usually readable by anyone)

func (*Fs) Purge 

func (f *Fs) Purge(ctx context.Context, dir string) error

Purge all files in the directory specified

Implement this if you have a way of deleting all the files quicker than just running Remove() on the result of List()

Return an error if it doesn't exist

func (*Fs) Put 

func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error)

Put in to the remote path with the modTime given of the given size

May create the object even if it returns an error - if so will return the object and the error, otherwise will return nil and the error

func (*Fs) PutStream 

func (f *Fs) PutStream(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error)

PutStream uploads to the remote path with the modTime given of indeterminate size

func (*Fs) PutUnchecked 

func (f *Fs) PutUnchecked(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error)

PutUnchecked uploads the object

This will create a duplicate if we upload a new file without checking to see if there is one already - use Put() for that.

func (*Fs) Rmdir 

func (f *Fs) Rmdir(ctx context.Context, dir string) error

Rmdir removes the directory (container, bucket) if empty

Return an error if it doesn't exist or isn't empty

func (*Fs) Root 

func (f *Fs) Root() string

Root of the remote (as passed into NewFs)

func (*Fs) SetWrapper 

func (f *Fs) SetWrapper(wrapper fs.Fs)

SetWrapper sets the Fs that is wrapping this Fs

func (*Fs) Shutdown 

func (f *Fs) Shutdown(ctx context.Context) error

Shutdown the backend, closing any background tasks and any cached connections.

func (*Fs) String 

func (f *Fs) String() string

String returns a description of the FS

func (*Fs) UnWrap 

func (f *Fs) UnWrap() fs.Fs

UnWrap returns the Fs that this Fs is wrapping

func (*Fs) UserInfo 

func (f *Fs) UserInfo(ctx context.Context) (map[string]string, error)

UserInfo returns info about the connected user

func (*Fs) WrapFs 

func (f *Fs) WrapFs() fs.Fs

WrapFs returns the Fs that is wrapping this Fs

type NameEncryptionMode 

type NameEncryptionMode int

NameEncryptionMode is the type of file name encryption in use 

const (
	NameEncryptionOff NameEncryptionMode = iota
	NameEncryptionStandard
	NameEncryptionObfuscated
)

NameEncryptionMode levels

func NewNameEncryptionMode 

func NewNameEncryptionMode(s string) (mode NameEncryptionMode, err error)

NewNameEncryptionMode turns a string into a NameEncryptionMode

func (NameEncryptionMode) String 

func (mode NameEncryptionMode) String() (out string)

String turns mode into a human-readable string

type Object 

type Object struct {
	fs.Object
	// contains filtered or unexported fields
}

Object describes a wrapped for being read from the Fs

This decrypts the remote name and decrypts the data

func (*Object) Fs 

func (o *Object) Fs() fs.Info

Fs returns read only access to the Fs that this object is part of

func (*Object) GetTier 

func (o *Object) GetTier() string

GetTier returns storage tier or class of the Object

func (*Object) Hash 

func (o *Object) Hash(ctx context.Context, ht hash.Type) (string, error)

Hash returns the selected checksum of the file If no checksum is available it returns ""

func (*Object) ID 

func (o *Object) ID() string

ID returns the ID of the Object if known, or "" if not

func (*Object) Metadata 

func (o *Object) Metadata(ctx context.Context) (fs.Metadata, error)

Metadata returns metadata for an object

It should return nil if there is no Metadata

func (*Object) MimeType 

func (o *Object) MimeType(ctx context.Context) string

MimeType returns the content type of the Object if known, or "" if not

This is deliberately unsupported so we don't leak mime type info by default.

func (*Object) Open 

func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (rc io.ReadCloser, err error)

Open opens the file for read. Call Close() on the returned io.ReadCloser

func (*Object) Remote 

func (o *Object) Remote() string

Remote returns the remote path

func (*Object) SetMetadata 

func (o *Object) SetMetadata(ctx context.Context, metadata fs.Metadata) error

SetMetadata sets metadata for an Object

It should return fs.ErrorNotImplemented if it can't set metadata

func (*Object) SetTier 

func (o *Object) SetTier(tier string) error

SetTier performs changing storage tier of the Object if multiple storage classes supported

func (*Object) Size 

func (o *Object) Size() int64

Size returns the size of the file

func (*Object) String 

func (o *Object) String() string

Return a string version

func (*Object) UnWrap 

func (o *Object) UnWrap() fs.Object

UnWrap returns the wrapped Object

func (*Object) Update 

func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) error

Update in to the object with the modTime given of the given size

type ObjectInfo 

type ObjectInfo struct {
	fs.ObjectInfo
	// contains filtered or unexported fields
}

ObjectInfo describes a wrapped fs.ObjectInfo for being the source

This encrypts the remote name and adjusts the size

func (*ObjectInfo) Fs 

func (o *ObjectInfo) Fs() fs.Info

Fs returns read only access to the Fs that this object is part of

func (*ObjectInfo) GetTier 

func (o *ObjectInfo) GetTier() string

GetTier returns storage tier or class of the Object

func (*ObjectInfo) Hash 

func (o *ObjectInfo) Hash(ctx context.Context, hash hash.Type) (string, error)

Hash returns the selected checksum of the file If no checksum is available it returns ""

func (*ObjectInfo) ID 

func (o *ObjectInfo) ID() string

ID returns the ID of the Object if known, or "" if not

func (*ObjectInfo) Metadata 

func (o *ObjectInfo) Metadata(ctx context.Context) (fs.Metadata, error)

Metadata returns metadata for an object

It should return nil if there is no Metadata

func (*ObjectInfo) MimeType 

func (o *ObjectInfo) MimeType(ctx context.Context) string

MimeType returns the content type of the Object if known, or "" if not

This is deliberately unsupported so we don't leak mime type info by default.

func (*ObjectInfo) Remote 

func (o *ObjectInfo) Remote() string

Remote returns the remote path

func (*ObjectInfo) Size 

func (o *ObjectInfo) Size() int64

Size returns the size of the file

func (*ObjectInfo) UnWrap 

func (o *ObjectInfo) UnWrap() fs.Object

UnWrap returns the Object that this Object is wrapping or nil if it isn't wrapping anything

type OpenRangeSeek 

type OpenRangeSeek func(ctx context.Context, offset, limit int64) (io.ReadCloser, error)

OpenRangeSeek opens the file handle at the offset with the limit given

type Options 

type Options struct {
	Remote                  string `config:"remote"`
	FilenameEncryption      string `config:"filename_encryption"`
	DirectoryNameEncryption bool   `config:"directory_name_encryption"`
	NoDataEncryption        bool   `config:"no_data_encryption"`
	Password                string `config:"password"`
	Password2               string `config:"password2"`
	ServerSideAcrossConfigs bool   `config:"server_side_across_configs"`
	ShowMapping             bool   `config:"show_mapping"`
	PassBadBlocks           bool   `config:"pass_bad_blocks"`
	FilenameEncoding        string `config:"filename_encoding"`
	Suffix                  string `config:"suffix"`
	StrictNames             bool   `config:"strict_names"`
}

Options defines the configuration for this backend

type ReadSeekCloser 

type ReadSeekCloser interface {
	io.Reader
	io.Seeker
	io.Closer
	fs.RangeSeeker
}

ReadSeekCloser is the interface of the read handles

Source Files

View all Source files

Directories

Path Synopsis
Package pkcs7 implements PKCS#7 padding
 Package pkcs7 implements PKCS#7 padding

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.