diff options
| author | Jakob Unterwurzacher | 2015-10-03 13:36:49 +0200 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2015-10-03 19:16:34 +0200 | 
| commit | 79870ab0960febcbc82e32d632ed4a9ea99b6f03 (patch) | |
| tree | e9af1bb576b40eef5214278e27bcb0fecb20aa3c | |
| parent | 38bf8a2fcfe0b7260c08d49ed04c9667871f0992 (diff) | |
debug: log inode number instead of encrypted filename
Makes the log output smaller and more readable.
| -rw-r--r-- | cryptfs/cryptfs.go | 6 | ||||
| -rw-r--r-- | cryptfs/cryptfs_content.go | 17 | ||||
| -rw-r--r-- | cryptfs/log.go | 14 | ||||
| -rw-r--r-- | pathfs_frontend/file.go | 47 | 
4 files changed, 69 insertions, 15 deletions
| diff --git a/cryptfs/cryptfs.go b/cryptfs/cryptfs.go index 71ec996..46f5b65 100644 --- a/cryptfs/cryptfs.go +++ b/cryptfs/cryptfs.go @@ -58,6 +58,12 @@ func NewCryptFS(key []byte, useOpenssl bool) *CryptFS {  	}  } +// Get plaintext block size  func (be *CryptFS) PlainBS() uint64 {  	return be.plainBS  } + +// Get ciphertext block size +func (be *CryptFS) CipherBS() uint64 { +	return be.cipherBS +} diff --git a/cryptfs/cryptfs_content.go b/cryptfs/cryptfs_content.go index e42011a..a4dc78a 100644 --- a/cryptfs/cryptfs_content.go +++ b/cryptfs/cryptfs_content.go @@ -7,8 +7,22 @@ import (  	"os"  	"errors"  	"crypto/cipher" +	"crypto/md5" +	"encoding/hex"  ) +const ( +	// A block of 4124 zero bytes has this md5 +	ZeroBlockMd5 = "64331af89bd15a987b39855338336237" +) + +// md5sum - debug helper, return md5 hex string +func md5sum(buf []byte) string { +	rawHash := md5.Sum(buf) +	hash := hex.EncodeToString(rawHash[:]) +	return hash +} +  type CryptFile struct {  	file *os.File  	gcm cipher.AEAD @@ -55,6 +69,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte) ([]byte, error) {  	// Extract nonce  	nonce := ciphertext[:NONCE_LEN] +	ciphertextOrig := ciphertext  	ciphertext = ciphertext[NONCE_LEN:]  	// Decrypt @@ -63,7 +78,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte) ([]byte, error) {  	plaintext, err := be.gcm.Open(plaintext, nonce, ciphertext, nil)  	if err != nil { -		Warn.Printf("DecryptBlock: %s\n", err.Error()) +		Warn.Printf("DecryptBlock: %s, len=%d, md5=%s\n", err.Error(), len(ciphertextOrig), Warn.Md5sum(ciphertextOrig))  		return nil, err  	} diff --git a/cryptfs/log.go b/cryptfs/log.go index d40aa3f..850ec9e 100644 --- a/cryptfs/log.go +++ b/cryptfs/log.go @@ -15,6 +15,12 @@ func (l *logChannel) Printf(format string, args ...interface{}) {  	}  } +func (l *logChannel) Println(s string) { +	if l.enabled == true { +		fmt.Println(s) +	} +} +  func (l *logChannel) Dump(d []byte) {  	s := string(d)  	fmt.Println(strings.Replace(s, "\000", "\\0", -1)) @@ -24,6 +30,14 @@ func (l *logChannel) Enable() {  	l.enabled = true  } +// Only actually calculate the md5sum if the log channel is enabled to save +// CPU cycles +func (l *logChannel) Md5sum(buf []byte) string { +	if l.enabled == false { +		return "" +	} +	return md5sum(buf) +}  var Debug = logChannel{false}  var Notice = logChannel{true} diff --git a/pathfs_frontend/file.go b/pathfs_frontend/file.go index a4ed30b..de00a11 100644 --- a/pathfs_frontend/file.go +++ b/pathfs_frontend/file.go @@ -30,13 +30,20 @@ type file struct {  	// Parent CryptFS  	cfs *cryptfs.CryptFS + +	// Inode number +	ino uint64  }  func NewFile(fd *os.File, writeOnly bool, cfs *cryptfs.CryptFS) nodefs.File { +	var st syscall.Stat_t +	syscall.Fstat(int(fd.Fd()), &st) +  	return &file{  		fd: fd,  		writeOnly: writeOnly,  		cfs: cfs, +		ino: st.Ino,  	}  } @@ -51,11 +58,13 @@ func (f *file) String() string {  	return fmt.Sprintf("cryptFile(%s)", f.fd.Name())  } -// doRead - returns "length" plaintext bytes from plaintext offset "offset". -// Reads the corresponding ciphertext from disk, decryptfs it, returns the relevant -// part. +// doRead - returns "length" plaintext bytes from plaintext offset "off". +// Arguments "length" and "off" do not have to be aligned.  // -// Called by Read(), for RMW in Write() and Truncate() +// doRead reads the corresponding ciphertext blocks from disk, decryptfs them and +// returns the requested part of the plaintext. +// +// Called by Read() and by Write() and Truncate() for RMW  func (f *file) doRead(off uint64, length uint64) ([]byte, fuse.Status) {  	// Read the backing ciphertext in one go @@ -65,18 +74,25 @@ func (f *file) doRead(off uint64, length uint64) ([]byte, fuse.Status) {  	f.lock.Lock()  	n, err := f.fd.ReadAt(ciphertext, int64(alignedOffset))  	f.lock.Unlock() -	ciphertext = ciphertext[0:n]  	if err != nil && err != io.EOF {  		cryptfs.Warn.Printf("read: ReadAt: %s\n", err.Error())  		return nil, fuse.ToStatus(err)  	} -	cryptfs.Debug.Printf("ReadAt offset=%d length=%d -> n=%d len=%d\n", alignedLength, alignedOffset, n, len(ciphertext)) +	// Truncate ciphertext buffer down to actually read bytes +	ciphertext = ciphertext[0:n] +	{ +		blockNo := alignedOffset / f.cfs.CipherBS() +		cryptfs.Debug.Printf("ReadAt offset=%d bytes (%d blocks), want=%d, got=%d\n", alignedOffset, blockNo, alignedLength, n) +	}  	// Decrypt it  	plaintext, err := f.cfs.DecryptBlocks(ciphertext)  	if err != nil { -		cryptfs.Warn.Printf("Corrupt block at offset=%d\n", off + uint64(len(plaintext))) -		cryptfs.Warn.Printf("doRead: returning IO error\n") +		blockNo := (alignedOffset + uint64(len(plaintext))) / f.cfs.PlainBS() +		cipherOff := blockNo * f.cfs.CipherBS() +		plainOff := blockNo * f.cfs.PlainBS() +		cryptfs.Warn.Printf("ino%d: doRead: corrupt block #%d (plainOff=%d/%d, cipherOff=%d/%d)\n", +			f.ino, blockNo, plainOff, f.cfs.PlainBS(), cipherOff, f.cfs.CipherBS())  		return nil, fuse.EIO  	} @@ -97,29 +113,29 @@ func (f *file) doRead(off uint64, length uint64) ([]byte, fuse.Status) {  // Read - FUSE call  func (f *file) Read(buf []byte, off int64) (resultData fuse.ReadResult, code fuse.Status) { -	cryptfs.Debug.Printf("Read %s: offset=%d length=%d\n", f.fd.Name(), len(buf), off) +	cryptfs.Debug.Printf("ino%d: Read: offset=%d length=%d\n", f.ino, len(buf), off)  	if f.writeOnly { -		cryptfs.Warn.Printf("Tried to read from write-only file\n") +		cryptfs.Warn.Printf("ino%d: Tried to read from write-only file\n", f.ino)  		return nil, fuse.EBADF  	}  	out, status := f.doRead(uint64(off), uint64(len(buf)))  	if status == fuse.EIO { -		cryptfs.Warn.Printf("Read failed with EIO: file %s, offset=%d, length=%d\n", f.fd.Name(), len(buf), off) +		cryptfs.Warn.Printf("ino%d: Read failed with EIO, offset=%d, length=%d\n", f.ino, len(buf), off)  	}  	if status != fuse.OK {  		return nil, status  	} -	cryptfs.Debug.Printf("Read: status %v, returning %d bytes\n", status, len(out)) +	cryptfs.Debug.Printf("ino%d: Read: status %v, returning %d bytes\n", f.ino, status, len(out))  	return fuse.ReadResultData(out), status  }  // Write - FUSE call  func (f *file) Write(data []byte, off int64) (uint32, fuse.Status) { -	cryptfs.Debug.Printf("Write %s: offset=%d length=%d\n", f.fd.Name(), off, len(data)) +	cryptfs.Debug.Printf("ino%d: Write %s: offset=%d length=%d\n", f.ino, off, len(data))  	var written uint32  	status := fuse.OK @@ -146,7 +162,10 @@ func (f *file) Write(data []byte, off int64) (uint32, fuse.Status) {  		// Write  		blockOffset, _ := b.CiphertextRange()  		blockData = f.cfs.EncryptBlock(blockData) -		cryptfs.Debug.Printf("WriteAt offset=%d length=%d\n", blockOffset, len(blockData)) +		cryptfs.Debug.Printf("ino%d: Writing %d bytes to block #%d, md5=%s\n", f.ino, len(blockData), b.BlockNo, cryptfs.Debug.Md5sum(blockData)) +		if len(blockData) != int(f.cfs.CipherBS()) { +			cryptfs.Debug.Printf("ino%d: Writing partial block #%d (%d bytes)\n", b.BlockNo, len(blockData)) +		}  		f.lock.Lock()  		_, err := f.fd.WriteAt(blockData, int64(blockOffset))  		f.lock.Unlock() | 
