cryptfs

package
v0.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 1, 2015 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

// Sizes, in bytes, used by the block encryption layer.
//
// NONCE_LEN and AUTH_TAG_LEN match the usual AES-GCM parameters (96-bit
// nonce, 128-bit authentication tag). GCM loses both confidentiality and
// authenticity if a nonce is ever reused under the same key.
// NOTE(review): how nonces are generated is not visible in this listing;
// confirm they are unique per encrypted block.
const (
	DEFAULT_PLAINBS = 4096 // presumably the default plaintext block size (see CryptFS.PlainBS) - confirm
	KEY_LEN         = 32 // AES-256
	NONCE_LEN       = 12 // 96 bits
	AUTH_TAG_LEN    = 16 // 128 bits
	BLOCK_OVERHEAD  = NONCE_LEN + AUTH_TAG_LEN // bytes that nonce and tag add on top of the plaintext
)
// Named values for a boolean direction argument.
// NOTE(review): which functions accept this flag is not visible in this
// listing - presumably the path translation helpers; confirm.
const (
	ENCRYPT = true
	DECRYPT = false
)
// Field sizes of the file header described by FileHeader.
//
// NOTE(review): EncryptBlock and DecryptBlock take the file id together with
// the block number - presumably so that each block is bound to its file and
// position and cannot be moved elsewhere undetected; confirm against the
// implementation. The order of the two fields on disk is not shown here.
const (
	HEADER_CURRENT_VERSION = 1                                  // Current on-disk-format version
	HEADER_VERSION_LEN     = 2                                  // uint16
	HEADER_ID_LEN          = 16                                 // 128 bit random file id
	HEADER_LEN             = HEADER_VERSION_LEN + HEADER_ID_LEN // Total header length
)
const (
	// Default file name of the config file (see ConfFile).
	//
	// The dot "." is not used in base64url (RFC4648), hence
	// we can never clash with an encrypted file.
	// NOTE(review): this relies on encrypted file names being
	// base64url-encoded, which this listing does not show - confirm.
	ConfDefaultName = "gocryptfs.conf"
)
const (
	// Default scrypt cost parameter N (CPU/memory cost, a power of two).
	//
	// 1 << 16 uses 64MB of memory,
	// takes 4 seconds on my Atom Z3735F netbook
	//
	// A lower N makes offline password guessing against the stored
	// EncryptedKey cheaper, so this value is a security parameter, not
	// just a performance knob.
	// NOTE(review): whether LoadConfFile enforces a minimum N for a config
	// file read from disk is not visible here - confirm.
	SCRYPT_DEFAULT_N = 1 << 16
)

Variables

// Debug is the log channel for debug output, constructed with false.
// NOTE(review): the bool presumably means "enabled", i.e. debug output is off
// by default - confirm against logChannel. If it is switched on, check that
// the output does not include plaintext paths or key material.
var Debug = logChannel{false}
// Notice is the log channel for informational messages, constructed with true.
// NOTE(review): the bool presumably means "enabled by default" - confirm
// against logChannel.
var Notice = logChannel{true}
// Warn is the log channel for warnings, constructed with true.
// NOTE(review): the bool presumably means "enabled by default" - confirm
// against logChannel.
var Warn = logChannel{true}

Functions

func CreateConfFile

func CreateConfFile(filename string, password string) error

CreateConfFile - create a new config with a random key encrypted with "password" and write it to "filename"

func MinUint64

func MinUint64(x uint64, y uint64) uint64

func NewScryptKdf

func NewScryptKdf() scryptKdf

func RandBytes

func RandBytes(n int) []byte

Get "n" random bytes from /dev/urandom or panic

Types

type ConfFile

// ConfFile is the configuration that WriteFile stores on disk as JSON and
// LoadConfFile reads back.
//
// The file carries the password-wrapped key, so anyone who obtains a copy
// can attempt offline password guessing; the scrypt parameters and the
// strength of the password are what protect the key.
// NOTE(review): whether Version and the scrypt parameters are validated
// when a file is loaded is not visible in this listing - confirm.
type ConfFile struct {

	// Encrypted AES key, unlocked using a password hashed with scrypt
	EncryptedKey []byte
	// Stores parameters for scrypt hashing (key derivation)
	ScryptObject scryptKdf
	// The On-Disk-Format version this filesystem uses
	Version uint16
	// contains filtered or unexported fields
}

func LoadConfFile

func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error)

LoadConfFile - read config file from disk and decrypt the contained key using password

func (*ConfFile) EncryptKey

func (cf *ConfFile) EncryptKey(key []byte, password string)

EncryptKey - encrypt "key" using an scrypt hash generated from "password" and store it in cf.EncryptedKey

func (*ConfFile) WriteFile

func (cf *ConfFile) WriteFile() error

WriteFile - write out config in JSON format to file "filename.tmp" then rename over "filename"

type CryptFS

// CryptFS is the handle returned by NewCryptFS(key, useOpenssl). Its methods
// cover block encryption and decryption, path encryption and decryption, and
// the arithmetic between plaintext and ciphertext offsets and sizes.
// All of its fields are unexported.
type CryptFS struct {
	// contains filtered or unexported fields
}

func NewCryptFS

func NewCryptFS(key []byte, useOpenssl bool) *CryptFS

func (*CryptFS) BlockNoToCipherOff

func (be *CryptFS) BlockNoToCipherOff(blockNo uint64) uint64

get ciphertext offset of block "blockNo"

func (*CryptFS) BlockNoToPlainOff

func (be *CryptFS) BlockNoToPlainOff(blockNo uint64) uint64

get plaintext offset of block "blockNo"

func (*CryptFS) CipherOffToBlockNo

func (be *CryptFS) CipherOffToBlockNo(cipherOffset uint64) uint64

get the block number at ciphertext offset

func (*CryptFS) CipherSizeToPlainSize

func (be *CryptFS) CipherSizeToPlainSize(cipherSize uint64) uint64

CipherSizeToPlainSize - calculate plaintext size from ciphertext size

func (*CryptFS) DecryptBlock

func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte) ([]byte, error)

DecryptBlock - Verify and decrypt GCM block

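Corner case: A full-sized block of all-zero ciphertext bytes is translated to an all-zero plaintext block, i.e. file hole passthrough. Because this path presumably skips GCM verification, an all-zero block carries no integrity guarantee: it cannot be told apart from a legitimate file hole.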

func (*CryptFS) DecryptBlocks

func (be *CryptFS) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileId []byte) ([]byte, error)

DecryptBlocks - Decrypt a number of blocks

func (*CryptFS) DecryptPath

func (be *CryptFS) DecryptPath(path string) (string, error)

DecryptPath - decrypt filename or path. Just hands it to TranslatePath().

func (*CryptFS) EncryptBlock

func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte) []byte

EncryptBlock - Encrypt and add IV and MAC (the GCM nonce and authentication tag, which together make up BLOCK_OVERHEAD)

func (*CryptFS) EncryptPath

func (be *CryptFS) EncryptPath(path string) string

EncryptPath - encrypt filename or path. Just hands it to TranslatePath().

func (*CryptFS) ExplodePlainRange

func (be *CryptFS) ExplodePlainRange(offset uint64, length uint64) []intraBlock

Split a plaintext byte range into (possibly partial) blocks

func (*CryptFS) MergeBlocks

func (be *CryptFS) MergeBlocks(oldData []byte, newData []byte, offset int) []byte

MergeBlocks - Merge newData into oldData at offset. The new block may be bigger than both newData and oldData.

func (*CryptFS) PlainBS

func (be *CryptFS) PlainBS() uint64

Get plaintext block size

func (*CryptFS) PlainOffToBlockNo

func (be *CryptFS) PlainOffToBlockNo(plainOffset uint64) uint64

get the block number at plain-text offset

func (*CryptFS) PlainSizeToCipherSize

func (be *CryptFS) PlainSizeToCipherSize(plainSize uint64) uint64

PlainSizeToCipherSize - calculate ciphertext size from plaintext size

type CryptFile

// CryptFile has only unexported fields; this listing shows no exported
// constructor or methods for it.
type CryptFile struct {
	// contains filtered or unexported fields
}

type FileHeader

// FileHeader is the in-memory form of the file header: ParseHeader builds one
// from bytes, Pack serializes it, and RandomHeader creates one with a random Id.
// NOTE(review): whether ParseHeader rejects unknown versions or a buffer
// whose length differs from HEADER_LEN is not visible here - confirm.
type FileHeader struct {
	Version uint16 // on-disk-format version (see HEADER_CURRENT_VERSION)
	Id      []byte // random file id; HEADER_ID_LEN (16) bytes per the header constants
}

func ParseHeader

func ParseHeader(buf []byte) (*FileHeader, error)

ParseHeader - parse "buf" into fileHeader object

func RandomHeader

func RandomHeader() *FileHeader

RandomHeader - create new fileHeader object with random Id

func (*FileHeader) Pack

func (h *FileHeader) Pack() []byte

Pack - serialize fileHeader object
