Documentation
Index
- Constants
- Variables
- func CreateConfFile(filename string, password string, plaintextNames bool, logN int) error
- func MinUint64(x uint64, y uint64) uint64
- func NewScryptKdf(logN int) scryptKdf
- func RandBytes(n int) []byte
- func RandUint64() uint64
- func WriteDirIV(dir string) error
- type ConfFile
- type CryptFS
- func (be *CryptFS) BlockNoToCipherOff(blockNo uint64) uint64
- func (be *CryptFS) BlockNoToPlainOff(blockNo uint64) uint64
- func (be *CryptFS) BlockOverhead() uint64
- func (be *CryptFS) CipherOffToBlockNo(cipherOffset uint64) uint64
- func (be *CryptFS) CipherSizeToPlainSize(cipherSize uint64) uint64
- func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte) ([]byte, error)
- func (be *CryptFS) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileId []byte) ([]byte, error)
- func (be *CryptFS) DecryptName(cipherName string, iv []byte, EMENames bool) (string, error)
- func (be *CryptFS) DecryptPathDirIV(encryptedPath string, rootDir string, eme bool) (string, error)
- func (be *CryptFS) DecryptPathNoIV(cipherPath string) (plainPath string, err error)
- func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte
- func (be *CryptFS) EncryptPathDirIV(plainPath string, rootDir string, eme bool) (cipherPath string, err error)
- func (be *CryptFS) EncryptPathNoIV(plainPath string) (cipherPath string)
- func (be *CryptFS) ExplodePlainRange(offset uint64, length uint64) []intraBlock
- func (be *CryptFS) MergeBlocks(oldData []byte, newData []byte, offset int) []byte
- func (be *CryptFS) PlainBS() uint64
- func (be *CryptFS) PlainOffToBlockNo(plainOffset uint64) uint64
- func (be *CryptFS) PlainSizeToCipherSize(plainSize uint64) uint64
- func (be *CryptFS) ReadDirIV(dir string) (iv []byte, err error)
- type CryptFile
- type DirIVCache
- type FileHeader
Constants
const (
	// Understood Feature Flags.
	// Also teach isFeatureFlagKnown() about any additions and
	// add it to CreateConfFile() if you want to have it enabled by default.
	FlagPlaintextNames = "PlaintextNames"
	FlagDirIV          = "DirIV"
	FlagEMENames       = "EMENames"
	FlagGCMIV128       = "GCMIV128"
)
const (
	DEFAULT_PLAINBS = 4096
	KEY_LEN         = 32 // AES-256
	AUTH_TAG_LEN    = 16
	DIRIV_LEN       = 16 // identical to AES block size
	DIRIV_FILENAME  = "gocryptfs.diriv"
)
const (
	HEADER_CURRENT_VERSION = 2                                  // Current on-disk-format version
	HEADER_VERSION_LEN     = 2                                  // uint16
	HEADER_ID_LEN          = 16                                 // 128 bit random file id
	HEADER_LEN             = HEADER_VERSION_LEN + HEADER_ID_LEN // Total header length
)
const (
	OpEncrypt = iota
	OpDecrypt
)
const (
	// The dot "." is not used in base64url (RFC4648), hence
	// we can never clash with an encrypted file.
	ConfDefaultName = "gocryptfs.conf"
)
const (
	// 1 << 16 uses 64MB of memory,
	// takes 4 seconds on my Atom Z3735F netbook
	SCRYPT_DEFAULT_LOGN = 16
)
Variables
var Debug = logChannel{false}
Debug messages
var Info = logChannel{true}
Informational message e.g. startup information
var Warn = logChannel{true}
A warning, meaning nothing serious by itself but might indicate problems
Functions
func CreateConfFile
CreateConfFile - create a new config with a random key encrypted with "password" and write it to "filename". Uses scrypt with cost parameter logN.
func NewScryptKdf
func NewScryptKdf(logN int) scryptKdf
func WriteDirIV (added in v0.5.1)
WriteDirIV - create diriv file inside "dir" (absolute ciphertext path). This function is exported because it is used from pathfs_frontend, main, and also the automated tests.
Types
type ConfFile
type ConfFile struct {
	// Encrypted AES key, unlocked using a password hashed with scrypt
	EncryptedKey []byte
	// Stores parameters for scrypt hashing (key derivation)
	ScryptObject scryptKdf
	// The On-Disk-Format version this filesystem uses
	Version uint16
	// List of feature flags this filesystem has enabled.
	// If gocryptfs encounters a feature flag it does not support, it will refuse
	// mounting. This mechanism is analogous to the ext4 feature flags that are
	// stored in the superblock.
	FeatureFlags []string
	// contains filtered or unexported fields
}
func LoadConfFile
LoadConfFile - read config file from disk and decrypt the contained key using password.
Returns the decrypted key and the ConfFile object.
func (*ConfFile) EncryptKey
EncryptKey - encrypt "key" using an scrypt hash generated from "password" and store it in cf.EncryptedKey. Uses scrypt with cost parameter logN and stores the scrypt parameters in cf.ScryptObject.
func (*ConfFile) IsFeatureFlagSet (added in v0.5.1)
IsFeatureFlagSet - is the feature flag "flagWant" enabled?
type CryptFS
type CryptFS struct {
	// DirIV cache for filename encryption
	DirIVCacheEnc DirIVCache
	// contains filtered or unexported fields
}
func NewCryptFS
func (*CryptFS) BlockNoToCipherOff
get ciphertext offset of block "blockNo"
func (*CryptFS) BlockNoToPlainOff
get plaintext offset of block "blockNo"
func (*CryptFS) BlockOverhead (added in v0.7.1)
Per-block storage overhead
func (*CryptFS) CipherOffToBlockNo
get the block number at ciphertext offset
func (*CryptFS) CipherSizeToPlainSize
PlainSize - calculate plaintext size from ciphertext size
func (*CryptFS) DecryptBlock
DecryptBlock - Verify and decrypt GCM block
Corner case: A full-sized block of all-zero ciphertext bytes is translated to an all-zero plaintext block, i.e. file hole passthrough.
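The behaviour described for DecryptBlock, as an added Go sketch that is not gocryptfs's own code: a block is laid out as IV, ciphertext, tag, and a full-size all-zero block is returned as zeros without being authenticated. The 16-byte IV and the use of the block number and file ID as GCM additional data are assumptions, and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

const plainBS, ivLen, authTagLen = 4096, 16, 16 // ivLen assumed (cf. GCMIV128)
const cipherBS = ivLen + plainBS + authTagLen

func newGCM(key []byte) (cipher.AEAD, error) {
	c, err := aes.NewCipher(key) // KEY_LEN (32) bytes selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithNonceSize(c, ivLen)
}

// aad ties a block to its number and file ID (assumed construction).
func aad(blockNo uint64, fileID []byte) []byte {
	return append(binary.BigEndian.AppendUint64(nil, blockNo), fileID...)
}

func encryptBlock(g cipher.AEAD, plain []byte, blockNo uint64, fileID []byte) []byte {
	iv := make([]byte, ivLen)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return g.Seal(iv, iv, plain, aad(blockNo, fileID)) // IV | ciphertext | tag
}

func decryptBlock(g cipher.AEAD, ct []byte, blockNo uint64, fileID []byte) ([]byte, error) {
	// File hole passthrough: a full all-zero block is returned unauthenticated.
	if len(ct) == cipherBS && bytes.Equal(ct, make([]byte, cipherBS)) {
		return make([]byte, plainBS), nil
	}
	if len(ct) < ivLen+authTagLen {
		return nil, fmt.Errorf("block too short: %d bytes", len(ct))
	}
	return g.Open(nil, ct[:ivLen], ct[ivLen:], aad(blockNo, fileID))
}

func main() {
	g, _ := newGCM(make([]byte, 32)) // constructed all-zero demo key
	fmt.Println(decryptBlock(g, encryptBlock(g, []byte("x"), 0, []byte("id")), 1, []byte("id")))
}
```

The hole passthrough is the one path that skips tag verification, so a reader of the decrypted file cannot distinguish a genuine sparse region from a block that was overwritten with zeros on disk.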
func (*CryptFS) DecryptBlocks
func (be *CryptFS) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, fileId []byte) ([]byte, error)
DecryptBlocks - Decrypt a number of blocks
func (*CryptFS) DecryptName (added in v0.5.1)
DecryptName - decrypt base64-encoded encrypted filename "cipherName". The encryption used is either CBC or EME, depending on the "EMENames" argument.
This function is exported because it allows for a very efficient readdir implementation (read IV once, decrypt all names using this function).
func (*CryptFS) DecryptPathDirIV (added in v0.5.1)
DecryptPathDirIV - decrypt path using CBC or EME with DirIV
func (*CryptFS) DecryptPathNoIV (added in v0.7.1)
DecryptPathNoIV - decrypt path using CBC without any IV. This function is deprecated in favor of the more secure DirIV variant and is retained only for compatibility with old filesystems.
func (*CryptFS) EncryptBlock
EncryptBlock - Encrypt and add IV and MAC
func (*CryptFS) EncryptPathDirIV (added in v0.5.1)
func (be *CryptFS) EncryptPathDirIV(plainPath string, rootDir string, eme bool) (cipherPath string, err error)
EncryptPathDirIV - encrypt path using CBC or EME with DirIV
func (*CryptFS) EncryptPathNoIV (added in v0.7.1)
EncryptPathNoIV - encrypt path using CBC without any IV. This function is deprecated in favor of the more secure DirIV variant and is retained only for compatibility with old filesystems.
func (*CryptFS) ExplodePlainRange
Split a plaintext byte range into (possibly partial) blocks
func (*CryptFS) MergeBlocks
MergeBlocks - Merge newData into oldData at offset. New block may be bigger than both newData and oldData.
func (*CryptFS) PlainOffToBlockNo
get the block number at plaintext offset
func (*CryptFS) PlainSizeToCipherSize
CipherSize - calculate ciphertext size from plaintext size
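A worked version of the offset and size conversions documented above, added here as an example rather than taken from the package. It assumes the file header is followed by fixed-size encrypted blocks with a 32-byte per-block overhead (an assumed 16-byte IV plus AUTH_TAG_LEN), and it rejects ciphertext sizes that no complete file could have; the function names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

const (
	plainBS   = 4096    // DEFAULT_PLAINBS
	headerLen = 2 + 16  // HEADER_VERSION_LEN + HEADER_ID_LEN
	overhead  = 16 + 16 // assumed IV length + AUTH_TAG_LEN
	cipherBS  = plainBS + overhead
)

// blockNoToCipherOff assumes blocks start right after the file header.
func blockNoToCipherOff(blockNo uint64) uint64 { return headerLen + blockNo*cipherBS }

func plainSizeToCipherSize(plain uint64) uint64 {
	if plain == 0 {
		return 0 // assumed: an empty file stores neither header nor blocks
	}
	blocks := (plain-1)/plainBS + 1 // the last block may be partial
	return headerLen + plain + blocks*overhead
}

// cipherSizeToPlainSize inverts the mapping and flags sizes that can only
// come from truncation (assumed policy of this sketch).
func cipherSizeToPlainSize(cipher uint64) (uint64, error) {
	if cipher == 0 {
		return 0, nil
	}
	if cipher <= headerLen {
		return 0, errors.New("truncated: no block after header")
	}
	body := cipher - headerLen
	blocks := (body-1)/cipherBS + 1
	if last := body - (blocks-1)*cipherBS; last <= overhead {
		return 0, errors.New("truncated: last block has no payload")
	}
	return body - blocks*overhead, nil
}

func main() {
	fmt.Println(plainSizeToCipherSize(4097), blockNoToCipherOff(1))
}
```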
type DirIVCache (added in v0.5.1)
type DirIVCache struct {
	// contains filtered or unexported fields
}
A simple one-entry DirIV cache
func (*DirIVCache) Clear (added in v0.5.1)
func (c *DirIVCache) Clear()
type FileHeader
func ParseHeader
func ParseHeader(buf []byte) (*FileHeader, error)
ParseHeader - parse "buf" into fileHeader object
func RandomHeader
func RandomHeader() *FileHeader
RandomHeader - create new fileHeader object with random Id