Documentation ¶
Overview ¶
Package contentenc encrypts and decrypts file blocks.
Index ¶
- Constants
- func JointPlaintextRange(blocks []IntraBlock) (offset uint64, length uint64)
- func MinUint64(x uint64, y uint64) uint64
- type ContentEnc
- func (be *ContentEnc) BlockNoToCipherOff(blockNo uint64) uint64
- func (be *ContentEnc) BlockNoToPlainOff(blockNo uint64) uint64
- func (be *ContentEnc) BlockOverhead() uint64
- func (be *ContentEnc) CipherBS() uint64
- func (be *ContentEnc) CipherOffToBlockNo(cipherOffset uint64) uint64
- func (be *ContentEnc) CipherSizeToPlainSize(cipherSize uint64) uint64
- func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []byte) ([]byte, error)
- func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileID []byte) ([]byte, error)
- func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte
- func (be *ContentEnc) EncryptBlockNonce(plaintext []byte, blockNo uint64, fileID []byte, nonce []byte) []byte
- func (be *ContentEnc) EncryptBlocks(plaintextBlocks [][]byte, firstBlockNo uint64, fileID []byte) []byte
- func (be *ContentEnc) ExplodeCipherRange(offset uint64, length uint64) []IntraBlock
- func (be *ContentEnc) ExplodePlainRange(offset uint64, length uint64) []IntraBlock
- func (be *ContentEnc) MergeBlocks(oldData []byte, newData []byte, offset int) []byte
- func (be *ContentEnc) PlainBS() uint64
- func (be *ContentEnc) PlainOffToBlockNo(plainOffset uint64) uint64
- func (be *ContentEnc) PlainOffToCipherOff(plainOff uint64) uint64
- func (be *ContentEnc) PlainSizeToCipherSize(plainSize uint64) uint64
- func (be *ContentEnc) Wipe()
- type FileHeader
- type IntraBlock
- type NonceMode
Constants ¶
const (
	// CurrentVersion is the current On-Disk-Format version
	CurrentVersion = 2
	// HeaderLen is the total header length
	HeaderLen = headerVersionLen + headerIDLen
)
Variables ¶
This section is empty.
Functions ¶
func JointPlaintextRange ¶
func JointPlaintextRange(blocks []IntraBlock) (offset uint64, length uint64)
JointPlaintextRange is the plaintext range corresponding to the sum of all "blocks" (complete blocks)
Types ¶
type ContentEnc ¶
type ContentEnc struct {
	// Ciphertext request data pool. Always returns byte slices of size
	// fuse.MAX_KERNEL_WRITE + encryption overhead.
	// Used by Read() to temporarily store the ciphertext as it is read from
	// disk.
	CReqPool bPool
	// Plaintext request data pool. Slices have size fuse.MAX_KERNEL_WRITE.
	PReqPool bPool
	// contains filtered or unexported fields
}
ContentEnc is used to encipher and decipher file content.
func New ¶
func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEnc
New returns an initialized ContentEnc instance.
func (*ContentEnc) BlockNoToCipherOff ¶
func (be *ContentEnc) BlockNoToCipherOff(blockNo uint64) uint64
BlockNoToCipherOff gets the ciphertext offset of block "blockNo"
func (*ContentEnc) BlockNoToPlainOff ¶
func (be *ContentEnc) BlockNoToPlainOff(blockNo uint64) uint64
BlockNoToPlainOff gets the plaintext offset of block "blockNo"
func (*ContentEnc) BlockOverhead ¶
func (be *ContentEnc) BlockOverhead() uint64
BlockOverhead returns the per-block overhead.
func (*ContentEnc) CipherBS ¶
func (be *ContentEnc) CipherBS() uint64
CipherBS returns the ciphertext block size
func (*ContentEnc) CipherOffToBlockNo ¶
func (be *ContentEnc) CipherOffToBlockNo(cipherOffset uint64) uint64
CipherOffToBlockNo converts the ciphertext offset to the plaintext block number.
func (*ContentEnc) CipherSizeToPlainSize ¶
func (be *ContentEnc) CipherSizeToPlainSize(cipherSize uint64) uint64
CipherSizeToPlainSize calculates the plaintext size `plainSize` from a ciphertext size `cipherSize` (in bytes).
Not all ciphertext sizes are legal due to the per-block overheads. For an illegal cipherSize, we return a best guess plainSize.
func (*ContentEnc) DecryptBlock ¶
func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []byte) ([]byte, error)
DecryptBlock - Verify and decrypt GCM block
Corner case: A full-sized block of all-zero ciphertext bytes is translated to an all-zero plaintext block, i.e. file hole passthrough.
func (*ContentEnc) DecryptBlocks ¶
func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileID []byte) ([]byte, error)
DecryptBlocks decrypts a number of blocks
func (*ContentEnc) EncryptBlock ¶
func (be *ContentEnc) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte
EncryptBlock - Encrypt plaintext using a random nonce. blockNo and fileID are used as associated data. The output is nonce + ciphertext + tag.
func (*ContentEnc) EncryptBlockNonce ¶
func (be *ContentEnc) EncryptBlockNonce(plaintext []byte, blockNo uint64, fileID []byte, nonce []byte) []byte
EncryptBlockNonce - Encrypt plaintext using a nonce chosen by the caller. blockNo and fileID are used as associated data. The output is nonce + ciphertext + tag. This function can only be used in SIV mode.
func (*ContentEnc) EncryptBlocks ¶
func (be *ContentEnc) EncryptBlocks(plaintextBlocks [][]byte, firstBlockNo uint64, fileID []byte) []byte
EncryptBlocks is like EncryptBlock but takes multiple plaintext blocks. Returns a byte slice from CReqPool - so don't forget to return it to the pool.
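The block layout that EncryptBlock, EncryptBlockNonce and DecryptBlock describe (nonce + ciphertext + tag, with blockNo and fileID as associated data, and the all-zero hole passthrough), shown as an added Go example. This is not the contentenc package's own code: it assumes AES-256-GCM with the 128-bit nonces given by DefaultIVBits, and the associated-data encoding (8-byte big-endian block number followed by the file ID) is this example's own choice, not something the page states. The property worth seeing is that a block presented at the wrong position or under the wrong file ID fails verification instead of decrypting silently.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Block geometry from the package constants: 4096-byte plaintext blocks and
// 128-bit nonces. The 16-byte GCM tag is standard for AES-GCM.
const (
	plainBS  = 4096 // DefaultBS
	nonceLen = 16   // DefaultIVBits / 8
	tagLen   = 16   // AES-GCM authentication tag
	cipherBS = plainBS + nonceLen + tagLen
)

// blockAEAD is a stand-in for ContentEnc: one AEAD keyed with the content key.
type blockAEAD struct {
	gcm cipher.AEAD
}

func newBlockAEAD(key []byte) (*blockAEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCMWithNonceSize(block, nonceLen)
	if err != nil {
		return nil, err
	}
	return &blockAEAD{gcm: gcm}, nil
}

// aad builds the associated data that binds a block to its position and its
// file. Assumed encoding for this example: 8-byte big-endian block number,
// then the file ID.
func aad(blockNo uint64, fileID []byte) []byte {
	buf := make([]byte, 8, 8+len(fileID))
	binary.BigEndian.PutUint64(buf, blockNo)
	return append(buf, fileID...)
}

// EncryptBlockNonce encrypts one block with a caller-chosen nonce.
// Output layout: nonce || ciphertext || tag.
func (b *blockAEAD) EncryptBlockNonce(plaintext []byte, blockNo uint64, fileID, nonce []byte) []byte {
	out := make([]byte, nonceLen, nonceLen+len(plaintext)+tagLen)
	copy(out, nonce)
	// Seal appends ciphertext and tag to out, directly after the nonce.
	return b.gcm.Seal(out, nonce, plaintext, aad(blockNo, fileID))
}

// EncryptBlock encrypts one block with a fresh random nonce (RandomNonce mode).
func (b *blockAEAD) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) ([]byte, error) {
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return b.EncryptBlockNonce(plaintext, blockNo, fileID, nonce), nil
}

// DecryptBlock verifies and decrypts one block. A full-size block of zero
// bytes is a file hole and is passed through as zero plaintext without a tag
// check, as the DecryptBlock doc comment describes.
func (b *blockAEAD) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []byte) ([]byte, error) {
	if len(ciphertext) == cipherBS && bytes.Equal(ciphertext, make([]byte, cipherBS)) {
		return make([]byte, plainBS), nil
	}
	if len(ciphertext) < nonceLen+tagLen || len(ciphertext) > cipherBS {
		return nil, errors.New("ciphertext block has an impossible length")
	}
	nonce, sealed := ciphertext[:nonceLen], ciphertext[nonceLen:]
	// Open returns an error when the tag does not verify, which is what
	// happens when blockNo or fileID differ from the values used at
	// encryption time: a moved or swapped block is rejected, not decrypted.
	return b.gcm.Open(nil, nonce, sealed, aad(blockNo, fileID))
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)    // constructed demo key
	fileID := bytes.Repeat([]byte{0x01}, 16) // constructed file ID
	b, err := newBlockAEAD(key)
	if err != nil {
		panic(err)
	}
	ct, _ := b.EncryptBlock([]byte("block three"), 3, fileID)
	fmt.Printf("ciphertext block: %d bytes (nonce %d + payload %d + tag %d)\n",
		len(ct), nonceLen, len(ct)-nonceLen-tagLen, tagLen)
	if _, err := b.DecryptBlock(ct, 4, fileID); err != nil {
		fmt.Println("same bytes presented as block 4:", err)
	}
}
```

The hole passthrough is deliberately checked before any length or tag validation, because a sparse file region that was never written has no nonce or tag to verify; any other block of the wrong length is refused outright rather than guessed at.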
func (*ContentEnc) ExplodeCipherRange ¶
func (be *ContentEnc) ExplodeCipherRange(offset uint64, length uint64) []IntraBlock
ExplodeCipherRange splits a ciphertext byte range into (possibly partial) blocks. This is used in reverse mode when reading files.
func (*ContentEnc) ExplodePlainRange ¶
func (be *ContentEnc) ExplodePlainRange(offset uint64, length uint64) []IntraBlock
ExplodePlainRange splits a plaintext byte range into (possibly partial) blocks. Returns an empty slice if length == 0.
func (*ContentEnc) MergeBlocks ¶
func (be *ContentEnc) MergeBlocks(oldData []byte, newData []byte, offset int) []byte
MergeBlocks - Merge newData into oldData at offset. The new block may be bigger than both newData and oldData.
func (*ContentEnc) PlainBS ¶
func (be *ContentEnc) PlainBS() uint64
PlainBS returns the plaintext block size
func (*ContentEnc) PlainOffToBlockNo ¶
func (be *ContentEnc) PlainOffToBlockNo(plainOffset uint64) uint64
PlainOffToBlockNo converts a plaintext offset to the ciphertext block number.
func (*ContentEnc) PlainOffToCipherOff ¶
func (be *ContentEnc) PlainOffToCipherOff(plainOff uint64) uint64
PlainOffToCipherOff tells you the highest ciphertext offset that is *guaranteed* to be written/read when you write/read at `plainOff`.
func (*ContentEnc) PlainSizeToCipherSize ¶
func (be *ContentEnc) PlainSizeToCipherSize(plainSize uint64) uint64
PlainSizeToCipherSize calculates the ciphertext size from a plaintext size.
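The offset and size arithmetic described by BlockNoToCipherOff, CipherOffToBlockNo, CipherSizeToPlainSize, PlainSizeToCipherSize and ExplodePlainRange, worked through as an added Go example rather than the contentenc package's own implementation. It takes DefaultBS = 4096 and the 128-bit IV from the page and the standard 16-byte GCM tag, giving a 32-byte per-block overhead; the page does not give the values behind HeaderLen, so the 18-byte header used here (a 2-byte version plus a 16-byte file ID) is an assumption of this example. It also shows the "best guess" behaviour for ciphertext sizes that no plaintext size can produce.

```go
package main

import "fmt"

// Assumed geometry (see the lead-in): 4096-byte plaintext blocks, 16-byte
// nonce + 16-byte tag per block, 18-byte file header.
const (
	plainBS   uint64 = 4096
	overhead  uint64 = 16 + 16 // nonce + GCM tag, per block
	cipherBS  uint64 = plainBS + overhead
	headerLen uint64 = 18 // assumption: 2-byte version + 16-byte file ID
)

// intraBlock mirrors the exported fields of IntraBlock for the forward-mode
// (plaintext) case.
type intraBlock struct {
	BlockNo uint64
	Skip    uint64 // offset into the block's plaintext
	Length  uint64 // bytes of plaintext in this block
}

// isPartial: anything less than a whole block forces read-modify-write.
func (ib intraBlock) isPartial() bool { return ib.Skip > 0 || ib.Length < plainBS }

func blockNoToPlainOff(blockNo uint64) uint64  { return blockNo * plainBS }
func blockNoToCipherOff(blockNo uint64) uint64 { return headerLen + blockNo*cipherBS }
func plainOffToBlockNo(plainOff uint64) uint64 { return plainOff / plainBS }

// cipherOffToBlockNo assumes the offset points past the header.
func cipherOffToBlockNo(cipherOff uint64) uint64 { return (cipherOff - headerLen) / cipherBS }

// plainSizeToCipherSize: the header, then every block (the last one possibly
// short) carries its own overhead. Empty files stay empty and get no header.
func plainSizeToCipherSize(plainSize uint64) uint64 {
	if plainSize == 0 {
		return 0
	}
	nBlocks := (plainSize + plainBS - 1) / plainBS
	return headerLen + plainSize + nBlocks*overhead
}

// cipherSizeToPlainSize is the inverse. Sizes that plainSizeToCipherSize can
// never produce (header only, or a trailing block no longer than its overhead)
// get a best-guess answer of 0, as the doc comment allows.
func cipherSizeToPlainSize(cipherSize uint64) uint64 {
	if cipherSize <= headerLen {
		return 0
	}
	nBlocks := cipherOffToBlockNo(cipherSize-1) + 1 // block holding the last byte
	total := headerLen + nBlocks*overhead
	if total >= cipherSize {
		return 0
	}
	return cipherSize - total
}

// explodePlainRange splits a plaintext byte range into per-block pieces.
// A zero-length range yields no blocks.
func explodePlainRange(offset, length uint64) []intraBlock {
	var blocks []intraBlock
	for length > 0 {
		blockNo := plainOffToBlockNo(offset)
		skip := offset - blockNoToPlainOff(blockNo)
		n := plainBS - skip // room left in this block
		if n > length {
			n = length
		}
		blocks = append(blocks, intraBlock{BlockNo: blockNo, Skip: skip, Length: n})
		offset += n
		length -= n
	}
	return blocks
}

func main() {
	c := plainSizeToCipherSize(5000)
	fmt.Printf("plain 5000 B -> cipher %d B -> plain %d B\n", c, cipherSizeToPlainSize(c))
	for _, ib := range explodePlainRange(4000, 200) {
		fmt.Printf("block %d: skip %d, length %d, partial=%v, cipher offset %d\n",
			ib.BlockNo, ib.Skip, ib.Length, ib.isPartial(), blockNoToCipherOff(ib.BlockNo))
	}
}
```

A 200-byte write at plaintext offset 4000 touches two partial blocks, so both must be read, decrypted, merged and re-encrypted; the size conversions are exact inverses only for sizes that the on-disk layout can actually produce, which is why a truncated or tampered ciphertext file can report a plaintext size that does not match what decryption will later accept.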
func (*ContentEnc) Wipe ¶
func (be *ContentEnc) Wipe()
Wipe tries to wipe secret keys from memory by overwriting them with zeros and/or setting references to nil.
type FileHeader ¶
FileHeader represents the header stored on each non-empty file.
func ParseHeader ¶
func ParseHeader(buf []byte) (*FileHeader, error)
ParseHeader - parse "buf" into fileHeader object
func RandomHeader ¶
func RandomHeader() *FileHeader
RandomHeader - create new fileHeader object with random Id
type IntraBlock ¶
type IntraBlock struct {
	// BlockNo is the block number in the file
	BlockNo uint64
	// Skip is an offset into the block payload
	// In forward mode: block plaintext
	// In reverse mode: offset into block ciphertext. Takes the header into
	// account.
	Skip uint64
	// Length of payload data in this block
	// In forward mode: length of the plaintext
	// In reverse mode: length of the ciphertext. Takes header and trailer into
	// account.
	Length uint64
	// contains filtered or unexported fields
}
IntraBlock identifies a part of a file block
func (*IntraBlock) BlockCipherOff ¶
func (ib *IntraBlock) BlockCipherOff() (offset uint64)
BlockCipherOff returns the ciphertext offset corresponding to BlockNo
func (*IntraBlock) BlockPlainOff ¶
func (ib *IntraBlock) BlockPlainOff() (offset uint64)
BlockPlainOff returns the plaintext offset corresponding to BlockNo
func (*IntraBlock) CropBlock ¶
func (ib *IntraBlock) CropBlock(d []byte) []byte
CropBlock - crop a potentially larger plaintext block down to the relevant part
func (*IntraBlock) IsPartial ¶
func (ib *IntraBlock) IsPartial() bool
IsPartial - is the block partial? This means we have to do read-modify-write.
func (*IntraBlock) JointCiphertextRange ¶
func (ib *IntraBlock) JointCiphertextRange(blocks []IntraBlock) (offset uint64, length uint64)
JointCiphertextRange is the ciphertext range corresponding to the sum of all "blocks" (complete blocks)
type NonceMode ¶
type NonceMode int
NonceMode determines how nonces are created.
const (
	// DefaultBS is the default plaintext block size
	DefaultBS = 4096
	// DefaultIVBits is the default length of IV, in bits.
	// We always use 128-bit IVs for file content, but the
	// master key in the config file is encrypted with a 96-bit IV for
	// gocryptfs v1.2 and earlier. v1.3 switched to 128 bit.
	DefaultIVBits = 128
	// RandomNonce chooses a random nonce.
	RandomNonce NonceMode = iota
	// ReverseDeterministicNonce chooses a deterministic nonce, suitable for
	// use in reverse mode.
	ReverseDeterministicNonce NonceMode = iota
	// ExternalNonce derives a nonce from external sources.
	ExternalNonce NonceMode = iota
)