authorJakob Unterwurzacher2021-08-20 15:57:40 +0200
committerJakob Unterwurzacher2021-08-20 15:57:40 +0200
commit2a9dea2973a6141e8efdf8bd26d8ddb2d2c35fc4 (patch)
tree3af78126e573b5a9963111c1bdea6f8d1100fbd1
parent195d9d18a90d88ff2cb0530d832c59d98934fd1f (diff)
-deterministic-names: accept flag on -init
And store it in gocryptfs.conf (=remove DirIV feature flag).
-rw-r--r--Documentation/MANPAGE.md13
-rw-r--r--init_dir.go3
-rw-r--r--internal/configfile/config_file.go7
-rw-r--r--internal/configfile/config_test.go8
-rw-r--r--internal/configfile/feature_flags.go1
-rw-r--r--mount.go1
-rw-r--r--tests/cli/cli_test.go6
-rw-r--r--tests/deterministic_names/deterministic_names_test.go14
8 files changed, 39 insertions, 14 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index 07f063e..ab9f872 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -103,6 +103,14 @@ Defaults are fine.
Use the AES-SIV encryption mode. This is slower than GCM but is
secure with deterministic nonces as used in "-reverse" mode.
+#### -deterministic-names
+Disable file name randomisation and creation of `gocryptfs.diriv` files.
+This can prevent sync conflicts conflicts when synchronising files, but
+leaks information about identical file names across directories
+("Identical names leak" in https://nuetzlich.net/gocryptfs/comparison/#file-names ).
+
+The resulting `gocryptfs.conf` has "DirIV" missing from "FeatureFlags".
+
#### -devrandom
Use `/dev/random` for generating the master key instead of the default Go
implementation. This is especially useful on embedded systems with Go versions
@@ -545,11 +553,6 @@ useful in regression testing.
Applies to: all actions.
-#### -zerodiriv
-Create diriv as all-zero files
-
-Applies to: all actions without `-plaintextnames`.
-
#### \-\-
Stop option parsing. Helpful when CIPHERDIR may start with a
dash "-".
diff --git a/init_dir.go b/init_dir.go
index cea7e53..70ba2ed 100644
--- a/init_dir.go
+++ b/init_dir.go
@@ -87,7 +87,8 @@ func initDir(args *argContainer) {
}
creator := tlog.ProgramName + " " + GitVersion
err = configfile.Create(args.config, password, args.plaintextnames,
- args.scryptn, creator, args.aessiv, args.devrandom, fido2CredentialID, fido2HmacSalt)
+ args.scryptn, creator, args.aessiv, args.devrandom, fido2CredentialID, fido2HmacSalt,
+ args.deterministic_names)
if err != nil {
tlog.Fatal.Println(err)
os.Exit(exitcodes.WriteConf)
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 40dda38..b54bd51 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -80,7 +80,8 @@ func randBytesDevRandom(n int) []byte {
// "password" and write it to "filename".
// Uses scrypt with cost parameter logN.
func Create(filename string, password []byte, plaintextNames bool,
- logN int, creator string, aessiv bool, devrandom bool, fido2CredentialID []byte, fido2HmacSalt []byte) error {
+ logN int, creator string, aessiv bool, devrandom bool,
+ fido2CredentialID []byte, fido2HmacSalt []byte, deterministicNames bool) error {
var cf ConfFile
cf.filename = filename
cf.Creator = creator
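Review bot: `Create` now takes ten positional parameters, four of them bare bools, with `deterministicNames` appended last, so call sites read `false, false, nil, nil, false`. A transposed argument still compiles and would silently create a filesystem with weaker file-name privacy. Consider collecting the options in a struct with named fields (for example a `CreateArgs` type) so each setting is spelled out at the call site. The doc comment above the signature does not mention the new parameter; a line such as `// If "deterministicNames" is set, the DirIV feature flag is omitted.` would cover it. The function body continues outside this hunk.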
@@ -92,7 +93,9 @@ func Create(filename string, password []byte, plaintextNames bool,
if plaintextNames {
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagPlaintextNames])
} else {
- cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagDirIV])
+ if !deterministicNames {
+ cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagDirIV])
+ }
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagEMENames])
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagLongNames])
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagRaw64])
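Review bot: `deterministicNames` is silently ignored when `plaintextNames` is true, because the new check sits only inside the `else` branch. A user who passes both flags to -init gets no indication that one of them had no effect. Either reject the combination before `Create` is called, or state it at this spot with a comment such as `// deterministicNames has no effect with plaintextNames: DirIV is never set in that case`. The enclosing function starts and ends outside this hunk.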
diff --git a/internal/configfile/config_test.go b/internal/configfile/config_test.go
index ce35531..17ca80c 100644
--- a/internal/configfile/config_test.go
+++ b/internal/configfile/config_test.go
@@ -62,7 +62,7 @@ func TestLoadV2StrangeFeature(t *testing.T) {
}
func TestCreateConfDefault(t *testing.T) {
- err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, false, nil, nil)
+ err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, false, nil, nil, false)
if err != nil {
t.Fatal(err)
}
@@ -83,14 +83,14 @@ func TestCreateConfDefault(t *testing.T) {
}
func TestCreateConfDevRandom(t *testing.T) {
- err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, true, nil, nil)
+ err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, true, nil, nil, false)
if err != nil {
t.Fatal(err)
}
}
func TestCreateConfPlaintextnames(t *testing.T) {
- err := Create("config_test/tmp.conf", testPw, true, 10, "test", false, false, nil, nil)
+ err := Create("config_test/tmp.conf", testPw, true, 10, "test", false, false, nil, nil, false)
if err != nil {
t.Fatal(err)
}
@@ -111,7 +111,7 @@ func TestCreateConfPlaintextnames(t *testing.T) {
// Reverse mode uses AESSIV
func TestCreateConfFileAESSIV(t *testing.T) {
- err := Create("config_test/tmp.conf", testPw, false, 10, "test", true, false, nil, nil)
+ err := Create("config_test/tmp.conf", testPw, false, 10, "test", true, false, nil, nil, false)
if err != nil {
t.Fatal(err)
}
diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go
index 5964a53..45e1853 100644
--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@@ -45,7 +45,6 @@ var knownFlags = map[flagIota]string{
// Filesystems that do not have these feature flags set are deprecated.
var requiredFlagsNormal = []flagIota{
- FlagDirIV,
FlagEMENames,
FlagGCMIV128,
}
diff --git a/mount.go b/mount.go
index 07b589b..4e693f1 100644
--- a/mount.go
+++ b/mount.go
@@ -282,6 +282,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
if confFile != nil {
// Settings from the config file override command line args
frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
+ frontendArgs.DeterministicNames = !confFile.IsFeatureFlagSet(configfile.FlagDirIV)
args.raw64 = confFile.IsFeatureFlagSet(configfile.FlagRaw64)
args.hkdf = confFile.IsFeatureFlagSet(configfile.FlagHKDF)
if confFile.IsFeatureFlagSet(configfile.FlagAESSIV) {
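Review bot: The added line infers `DeterministicNames` from the absence of "DirIV" alone, so it also becomes true for every `-plaintextnames` filesystem, where `Create` never sets DirIV. The same holds for any config file that lacks the flag for another reason, such as one written by an older version or edited by hand. Because this commit also drops `FlagDirIV` from `requiredFlagsNormal`, nothing else reports a missing DirIV any more, and the mount proceeds in the mode the man page describes as leaking identical names across directories. Consider `frontendArgs.DeterministicNames = !frontendArgs.PlaintextNames && !confFile.IsFeatureFlagSet(configfile.FlagDirIV)` plus a log notice when the mode is active; whether the feature flags in gocryptfs.conf are integrity-protected is not visible here and is worth confirming. `initFuseFrontend` continues outside the hunk.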
diff --git a/tests/cli/cli_test.go b/tests/cli/cli_test.go
index 85a8006..f4162f8 100644
--- a/tests/cli/cli_test.go
+++ b/tests/cli/cli_test.go
@@ -995,3 +995,9 @@ func TestMountCreat(t *testing.T) {
test_helpers.UnmountPanic(mnt)
}
}
+
+// Test -init -deterministic-names
+func TestInitDeterministicNames(t *testing.T) {
+ dir := test_helpers.InitFS(t, "-deterministic-names")
+
+}
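Review bot: `dir` in `TestInitDeterministicNames` is declared and never used, which the Go compiler rejects, so the package's tests will not build as written. The test also asserts nothing about the result of `-init -deterministic-names`. It should load the generated config and check that the DirIV flag is absent, as the `TestMain` change in tests/deterministic_names does. The sketch below assumes `InitFS` uses the password "test" and that `configfile` is imported in this file; both need confirming.

```go
func TestInitDeterministicNames(t *testing.T) {
	dir := test_helpers.InitFS(t, "-deterministic-names")
	// Password assumed to match the one InitFS uses - confirm.
	_, c, err := configfile.LoadAndDecrypt(dir+"/"+configfile.ConfDefaultName, []byte("test"))
	if err != nil {
		t.Fatal(err)
	}
	if c.IsFeatureFlagSet(configfile.FlagDirIV) {
		t.Error("DirIV flag should be off")
	}
}
```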
diff --git a/tests/deterministic_names/deterministic_names_test.go b/tests/deterministic_names/deterministic_names_test.go
index 1b355df..e94b0b6 100644
--- a/tests/deterministic_names/deterministic_names_test.go
+++ b/tests/deterministic_names/deterministic_names_test.go
@@ -3,11 +3,13 @@ package deterministic_names
// integration tests that target "-deterministic-names" specifically
import (
+ "fmt"
"io/ioutil"
"os"
"path/filepath"
"testing"
+ "github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/tests/test_helpers"
)
@@ -19,8 +21,18 @@ var testPw = []byte("test")
// Create and mount "-deterministic-names" fs
func TestMain(m *testing.M) {
cDir = test_helpers.InitFS(nil, "-deterministic-names")
+ // Check config file sanity
+ _, c, err := configfile.LoadAndDecrypt(cDir+"/"+configfile.ConfDefaultName, testPw)
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ if c.IsFeatureFlagSet(configfile.FlagDirIV) {
+ fmt.Println("DirIV flag should be off")
+ os.Exit(1)
+ }
pDir = cDir + ".mnt"
- test_helpers.MountOrExit(cDir, pDir, "-deterministic-names", "-extpass", "echo test")
+ test_helpers.MountOrExit(cDir, pDir, "-extpass", "echo test")
r := m.Run()
test_helpers.UnmountPanic(pDir)
os.Exit(r)
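Review bot: The config path is built with `cDir+"/"+configfile.ConfDefaultName` although `path/filepath` is already imported in this file; `filepath.Join(cDir, configfile.ConfDefaultName)` is the conventional form. The two failure messages go to stdout via `fmt.Println`; `fmt.Fprintln(os.Stderr, ...)` would keep them apart from regular test output. The check covers only the feature flag. Unless it is already covered elsewhere in this file, an assertion that no `gocryptfs.diriv` file appears in `cDir` after mounting would test the behaviour the man page promises.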