diff options
author | Jakob Unterwurzacher | 2015-12-08 16:13:29 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2015-12-08 16:17:04 +0100 |
commit | c6dacd6f913b4c6eb7a8917af49190dce32db108 (patch) | |
tree | c0fd9a08f42c37bd977b95d2bb0a7c96226045c1 /cryptfs/names_noiv.go | |
parent | ff8c81f95b311eb1cd9c822202519f1a90a8cdd4 (diff) |
Add EME filename encryption & enable it by default
Diffstat (limited to 'cryptfs/names_noiv.go')
-rw-r--r-- | cryptfs/names_noiv.go | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/cryptfs/names_noiv.go b/cryptfs/names_noiv.go new file mode 100644 index 0000000..7eed4b8 --- /dev/null +++ b/cryptfs/names_noiv.go @@ -0,0 +1,63 @@ +package cryptfs + +import ( + "strings" +) + +const ( + OpEncrypt = iota + OpDecrypt +) + +// DecryptPathNoIV - decrypt path using CBC without any IV. +// This function is deprecated by the the more secure DirIV variant and only retained +// for compatability with old filesystems. +func (be *CryptFS) DecryptPathNoIV(cipherPath string) (plainPath string, err error) { + plainPath, err = be.translatePathNoIV(cipherPath, OpDecrypt) + return plainPath, err +} + +// EncryptPathNoIV - decrypt path using CBC without any IV. +// This function is deprecated by the the more secure DirIV variant and only retained +// for compatability with old filesystems. +func (be *CryptFS) EncryptPathNoIV(plainPath string) (cipherPath string) { + cipherPath, _ = be.translatePathNoIV(plainPath, OpEncrypt) + return cipherPath +} + +// translatePathZeroIV - encrypt or decrypt path using CBC with an all-zero IV. +// Just splits the string on "/" and hands the parts to encryptName() / decryptName() +func (be *CryptFS) translatePathNoIV(path string, op int) (string, error) { + var err error + + // Empty string means root directory + if path == "" { + return path, err + } + + zeroIV := make([]byte, DIRIV_LEN) + + // Run operation on each path component + var translatedParts []string + parts := strings.Split(path, "/") + for _, part := range parts { + if part == "" { + // This happens on "/foo/bar/" on the front and on the end. + // Don't panic. + translatedParts = append(translatedParts, "") + continue + } + var newPart string + if op == OpEncrypt { + newPart = be.encryptName(part, zeroIV, false) + } else { + newPart, err = be.decryptName(part, zeroIV, false) + if err != nil { + return "", err + } + } + translatedParts = append(translatedParts, newPart) + } + + return strings.Join(translatedParts, "/"), err +} |