encryptSegment encrypts a path segment This uses EME with AES. EME (ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003 paper "A Parallelizable Enciphering Mode" by Halevi and Rogaway. This makes for deterministic encryption which is what we want - the same filename must encrypt to
(plaintext string)
| 276 | // - filenames with the same name will encrypt the same |
| 277 | // - filenames which start the same won't have a common prefix |
| 278 | func (c *Cipher) encryptSegment(plaintext string) string { |
| 279 | if plaintext == "" { |
| 280 | return "" |
| 281 | } |
| 282 | paddedPlaintext := pkcs7.Pad(nameCipherBlockSize, []byte(plaintext)) |
| 283 | ciphertext := eme.Transform(c.block, c.nameTweak[:], paddedPlaintext, eme.DirectionEncrypt) |
| 284 | return c.fileNameEnc.EncodeToString(ciphertext) |
| 285 | } |
| 286 | |
| 287 | // decryptSegment decrypts a path segment |
| 288 | func (c *Cipher) decryptSegment(ciphertext string) (string, error) { |