contentenc

package v1.4.5
Published: Apr 5, 2021 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation

Overview

Package contentenc encrypts and decrypts file blocks.

Index

Constants

const (
	// value from the FUSE documentation
	MAX_KERNEL_WRITE = 128 * 1024

	// DefaultBS is the default plaintext block size
	DefaultBS = 4096
	// DefaultIVBits is the default length of IV, in bits.
	// We always use 128-bit IVs for file content, but the
	// master key in the config file is encrypted with a 96-bit IV for
	// gocryptfs v1.2 and earlier. v1.3 switched to 128 bit.
	DefaultIVBits = 128

	// RandomNonce chooses a random nonce.
	RandomNonce NonceMode = iota
	// ReverseDeterministicNonce chooses a deterministic nonce, suitable for
	// use in reverse mode.
	ReverseDeterministicNonce NonceMode = iota
	// ExternalNonce derives a nonce from external sources.
	ExternalNonce NonceMode = iota
)
const (
	// CurrentVersion is the current On-Disk-Format version
	CurrentVersion = 2

	// HeaderLen is the total header length
	HeaderLen = headerVersionLen + headerIDLen
)

Variables

This section is empty.

Functions

func JointPlaintextRange

func JointPlaintextRange(blocks []IntraBlock) (offset uint64, length uint64)

JointPlaintextRange is the plaintext range corresponding to the sum of all "blocks" (complete blocks).

func MinUint64

func MinUint64(x uint64, y uint64) uint64

MinUint64 returns the minimum of two uint64 values.

Types

type ContentEnc

type ContentEnc struct {

	// Ciphertext request data pool. Always returns byte slices of size
	// fuse.MAX_KERNEL_WRITE + encryption overhead.
	// Used by Read() to temporarily store the ciphertext as it is read from
	// disk.
	CReqPool bPool
	// Plaintext request data pool. Slices have size fuse.MAX_KERNEL_WRITE.
	PReqPool bPool
	// contains filtered or unexported fields
}

ContentEnc is used to encipher and decipher file content.

func New

func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEnc

New returns an initialized ContentEnc instance.

func (*ContentEnc) BlockNoToCipherOff

func (be *ContentEnc) BlockNoToCipherOff(blockNo uint64) uint64

BlockNoToCipherOff gets the ciphertext offset of block "blockNo".

func (*ContentEnc) BlockNoToPlainOff

func (be *ContentEnc) BlockNoToPlainOff(blockNo uint64) uint64

BlockNoToPlainOff gets the plaintext offset of block "blockNo".

func (*ContentEnc) BlockOverhead

func (be *ContentEnc) BlockOverhead() uint64

BlockOverhead returns the per-block overhead.

func (*ContentEnc) CipherBS

func (be *ContentEnc) CipherBS() uint64

CipherBS returns the ciphertext block size.

func (*ContentEnc) CipherOffToBlockNo

func (be *ContentEnc) CipherOffToBlockNo(cipherOffset uint64) uint64

CipherOffToBlockNo converts the ciphertext offset to the plaintext block number.

func (*ContentEnc) CipherSizeToPlainSize

func (be *ContentEnc) CipherSizeToPlainSize(cipherSize uint64) uint64

CipherSizeToPlainSize calculates the plaintext size from a ciphertext size.

func (*ContentEnc) DecryptBlock

func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []byte) ([]byte, error)

DecryptBlock verifies and decrypts a GCM block.

Corner case: A full-sized block of all-zero ciphertext bytes is translated to an all-zero plaintext block, i.e. file hole passthrough.

func (*ContentEnc) DecryptBlocks

func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileID []byte) ([]byte, error)

DecryptBlocks decrypts a number of blocks.

func (*ContentEnc) EncryptBlock

func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte

EncryptBlock - Encrypt plaintext using a random nonce. blockNo and fileID are used as associated data. The output is nonce + ciphertext + tag.
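The block format described for EncryptBlock and DecryptBlock above, as an added example that is not gocryptfs's own code: AES-GCM with the page's 128-bit nonce, blockNo and fileID as associated data, nonce + ciphertext + tag on the wire, and the all-zero hole passthrough on decrypt. The 16-byte GCM tag and the AAD encoding (big-endian blockNo followed by fileID) are assumptions of this example, not taken from the page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)
// DefaultBS and the 128-bit IV are from the page; the 16-byte GCM tag and the AAD layout are assumptions.
const (
	DefaultBS     = 4096
	IVLen         = 128 / 8
	BlockOverhead = IVLen + 16 // nonce + GCM tag
	CipherBS      = DefaultBS + BlockOverhead
)
// NewAEAD wraps an AES key in GCM with the 128-bit nonce size used here.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithNonceSize(blk, IVLen)
}
// aad binds a block to its position and file: big-endian blockNo, then fileID (assumed encoding).
func aad(blockNo uint64, fileID []byte) []byte {
	buf := make([]byte, 8, 8+len(fileID))
	binary.BigEndian.PutUint64(buf, blockNo)
	return append(buf, fileID...)
}
// EncryptBlock seals pt under a fresh random nonce; output is nonce + ciphertext + tag.
func EncryptBlock(g cipher.AEAD, pt []byte, blockNo uint64, fileID []byte) []byte {
	nonce := make([]byte, IVLen)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return g.Seal(nonce, nonce, pt, aad(blockNo, fileID))
}
// DecryptBlock verifies and opens ct; a full-size all-zero block is a file hole (zeros, no tag check).
func DecryptBlock(g cipher.AEAD, ct []byte, blockNo uint64, fileID []byte) ([]byte, error) {
	if len(ct) == CipherBS && bytes.Equal(ct, make([]byte, CipherBS)) {
		return make([]byte, DefaultBS), nil
	}
	if len(ct) < BlockOverhead {
		return nil, errors.New("block shorter than nonce+tag")
	}
	return g.Open(nil, ct[:IVLen], ct[IVLen:], aad(blockNo, fileID))
}
```

Because blockNo and fileID are authenticated, a block moved to another position or another file fails the tag check; the hole passthrough is the one case that is accepted without authentication.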

func (*ContentEnc) EncryptBlockNonce

func (be *ContentEnc) EncryptBlockNonce(plaintext []byte, blockNo uint64, fileID []byte, nonce []byte) []byte

EncryptBlockNonce - Encrypt plaintext using a nonce chosen by the caller. blockNo and fileID are used as associated data. The output is nonce + ciphertext + tag. This function can only be used in SIV mode.

func (*ContentEnc) EncryptBlocks

func (be *ContentEnc) EncryptBlocks(plaintextBlocks [][]byte, firstBlockNo uint64, fileID []byte) []byte

EncryptBlocks is like EncryptBlock but takes multiple plaintext blocks. Returns a byte slice from CReqPool - so don't forget to return it to the pool.

func (*ContentEnc) ExplodeCipherRange

func (be *ContentEnc) ExplodeCipherRange(offset uint64, length uint64) []IntraBlock

ExplodeCipherRange splits a ciphertext byte range into (possibly partial) blocks. This is used in reverse mode when reading files.

func (*ContentEnc) ExplodePlainRange

func (be *ContentEnc) ExplodePlainRange(offset uint64, length uint64) []IntraBlock

ExplodePlainRange splits a plaintext byte range into (possibly partial) blocks. Returns an empty slice if length == 0.

func (*ContentEnc) MergeBlocks

func (be *ContentEnc) MergeBlocks(oldData []byte, newData []byte, offset int) []byte

MergeBlocks merges newData into oldData at offset. The resulting block may be bigger than both newData and oldData.

func (*ContentEnc) PlainBS

func (be *ContentEnc) PlainBS() uint64

PlainBS returns the plaintext block size.

func (*ContentEnc) PlainOffToBlockNo

func (be *ContentEnc) PlainOffToBlockNo(plainOffset uint64) uint64

PlainOffToBlockNo converts a plaintext offset to the ciphertext block number.

func (*ContentEnc) PlainSizeToCipherSize

func (be *ContentEnc) PlainSizeToCipherSize(plainSize uint64) uint64

PlainSizeToCipherSize calculates the ciphertext size from a plaintext size.
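The offset and size arithmetic behind BlockNoToCipherOff, CipherOffToBlockNo, PlainSizeToCipherSize and CipherSizeToPlainSize, as an added example that is not gocryptfs's own code. It assumes a 16-byte GCM tag (so BlockOverhead is 32 bytes with the page's 128-bit nonce) and a 16-byte file ID, giving HeaderLen = 2 + 16; the validity check in CipherSizeToPlainSize is this example's addition for sizes no well-formed file can have.

```go
package main

// DefaultBS and the 128-bit IV are from the page; the 16-byte GCM tag and the
// 16-byte file ID (so HeaderLen = 2 + 16) are assumptions of this example.
const (
	DefaultBS     uint64 = 4096
	BlockOverhead uint64 = 16 + 16 // nonce + GCM tag
	CipherBS      uint64 = DefaultBS + BlockOverhead
	HeaderLen     uint64 = 2 + 16 // uint16 version + file ID
)
// BlockNoToCipherOff returns the ciphertext offset of a block, past the file header.
func BlockNoToCipherOff(blockNo uint64) uint64 { return HeaderLen + blockNo*CipherBS }
// BlockNoToPlainOff returns the plaintext offset of a block.
func BlockNoToPlainOff(blockNo uint64) uint64 { return blockNo * DefaultBS }
// PlainOffToBlockNo maps a plaintext offset to its block number.
func PlainOffToBlockNo(plainOff uint64) uint64 { return plainOff / DefaultBS }
// CipherOffToBlockNo maps a ciphertext offset to its block number; header bytes count as block 0.
func CipherOffToBlockNo(cipherOff uint64) uint64 {
	if cipherOff < HeaderLen {
		return 0
	}
	return (cipherOff - HeaderLen) / CipherBS
}
// PlainSizeToCipherSize: empty files stay empty, otherwise header + per-block overhead.
func PlainSizeToCipherSize(plainSize uint64) uint64 {
	if plainSize == 0 {
		return 0
	}
	nBlocks := (plainSize + DefaultBS - 1) / DefaultBS
	return HeaderLen + plainSize + nBlocks*BlockOverhead
}
// CipherSizeToPlainSize inverts the mapping; ok is false for a header-only file or a final block too short for nonce + tag + data.
func CipherSizeToPlainSize(cipherSize uint64) (plain uint64, ok bool) {
	if cipherSize == 0 {
		return 0, true
	}
	if cipherSize <= HeaderLen {
		return 0, false
	}
	payload := cipherSize - HeaderLen
	nBlocks := (payload + CipherBS - 1) / CipherBS
	if last := payload - (nBlocks-1)*CipherBS; last <= BlockOverhead {
		return 0, false
	}
	return payload - nBlocks*BlockOverhead, true
}
```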

func (*ContentEnc) Wipe

func (be *ContentEnc) Wipe()

Wipe tries to wipe secret keys from memory by overwriting them with zeros and/or setting references to nil.

type FileHeader

type FileHeader struct {
	Version uint16
	ID      []byte
}

FileHeader represents the header stored on each non-empty file.

func ParseHeader

func ParseHeader(buf []byte) (*FileHeader, error)

ParseHeader parses "buf" into a FileHeader object.

func RandomHeader

func RandomHeader() *FileHeader

RandomHeader creates a new FileHeader object with a random ID.

func (*FileHeader) Pack

func (h *FileHeader) Pack() []byte

Pack serializes the FileHeader object.

type IntraBlock

type IntraBlock struct {
	// BlockNo is the block number in the file
	BlockNo uint64
	// Skip is an offset into the block payload
	// In forward mode: block plaintext
	// In reverse mode: offset into block ciphertext. Takes the header into
	// account.
	Skip uint64
	// Length of payload data in this block
	// In forward mode: length of the plaintext
	// In reverse mode: length of the ciphertext. Takes header and trailer into
	// account.
	Length uint64
	// contains filtered or unexported fields
}

IntraBlock identifies a part of a file block.

func (*IntraBlock) BlockCipherOff

func (ib *IntraBlock) BlockCipherOff() (offset uint64)

BlockCipherOff returns the ciphertext offset corresponding to BlockNo.

func (*IntraBlock) BlockPlainOff

func (ib *IntraBlock) BlockPlainOff() (offset uint64)

BlockPlainOff returns the plaintext offset corresponding to BlockNo.

func (*IntraBlock) CropBlock

func (ib *IntraBlock) CropBlock(d []byte) []byte

CropBlock crops a potentially larger plaintext block down to the relevant part.

func (*IntraBlock) IsPartial

func (ib *IntraBlock) IsPartial() bool

IsPartial reports whether the block is partial, which means a read-modify-write is required.

func (*IntraBlock) JointCiphertextRange

func (ib *IntraBlock) JointCiphertextRange(blocks []IntraBlock) (offset uint64, length uint64)

JointCiphertextRange is the ciphertext range corresponding to the sum of all "blocks" (complete blocks).

type NonceMode

type NonceMode int

NonceMode determines how nonces are created.
