authorJakob Unterwurzacher2015-11-03 00:00:13 +0100
committerJakob Unterwurzacher2015-11-03 00:00:13 +0100
commitde56fe9e3503d98e359551072633c804794b94e1 (patch)
treec9748200eb69eabd2fbfe1b019380a403f20ccb7 /cryptfs
parent66db3ad086692d249bdf8e14921760f7a460bb99 (diff)
Implement PlainTextNames mode
Also, forbid access to "gocryptfs.conf" in the root dir.
Diffstat (limited to 'cryptfs')
-rw-r--r--cryptfs/config_file.go4
-rw-r--r--cryptfs/cryptfs.go4
-rw-r--r--cryptfs/cryptfs_names.go10
3 files changed, 13 insertions, 5 deletions
diff --git a/cryptfs/config_file.go b/cryptfs/config_file.go
index de3054a..a790c51 100644
--- a/cryptfs/config_file.go
+++ b/cryptfs/config_file.go
@@ -76,7 +76,7 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
// Unlock master key using password-based key
// We use stock go GCM instead of OpenSSL here as speed is not important
// and we get better error messages
- cfs := NewCryptFS(scryptHash, false)
+ cfs := NewCryptFS(scryptHash, false, false)
key, err := cfs.DecryptBlock(cf.EncryptedKey, 0, nil)
if err != nil {
Warn.Printf("failed to unlock master key: %s\n", err.Error())
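Review bot: The call `NewCryptFS(scryptHash, false, false)` in LoadConfFile now passes two adjacent bare booleans, so nothing at the call site says which is `useOpenssl` and which is `plaintextNames`, and a transposed pair would still compile. In the visible lines this instance is only used for `DecryptBlock` on the wrapped key, so a one-line comment such as `// useOpenssl=false, plaintextNames=false: this CryptFS only unwraps the master key` would record that the name setting is deliberately irrelevant here. The same applies to the identical call in the EncryptKey hunk that follows. LoadConfFile's body starts and ends outside the hunk.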
@@ -95,7 +95,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string) {
scryptHash := cf.ScryptObject.DeriveKey(password)
// Lock master key using password-based key
- cfs := NewCryptFS(scryptHash, false)
+ cfs := NewCryptFS(scryptHash, false, false)
cf.EncryptedKey = cfs.EncryptBlock(key, 0, nil)
}
diff --git a/cryptfs/cryptfs.go b/cryptfs/cryptfs.go
index 9fe492d..ed19b26 100644
--- a/cryptfs/cryptfs.go
+++ b/cryptfs/cryptfs.go
@@ -23,9 +23,10 @@ type CryptFS struct {
cipherBS uint64
// Stores an all-zero block of size cipherBS
allZeroBlock []byte
+ plaintextNames bool
}
-func NewCryptFS(key []byte, useOpenssl bool) *CryptFS {
+func NewCryptFS(key []byte, useOpenssl bool, plaintextNames bool) *CryptFS {
if len(key) != KEY_LEN {
panic(fmt.Sprintf("Unsupported key length %d", len(key)))
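Review bot: The new `plaintextNames` field in the CryptFS struct and the new third parameter of NewCryptFS are undocumented, although the neighbouring `allZeroBlock` field carries a comment and this flag switches off a confidentiality property. I would add `// plaintextNames disables filename encryption: EncryptPath and DecryptPath return paths unchanged` above the field, and a doc comment on NewCryptFS that names both boolean parameters. The struct begins above the hunk and the constructor body continues past it.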
@@ -54,6 +55,7 @@ func NewCryptFS(key []byte, useOpenssl bool) *CryptFS {
plainBS: DEFAULT_PLAINBS,
cipherBS: uint64(cipherBS),
allZeroBlock: make([]byte, cipherBS),
+ plaintextNames: plaintextNames,
}
}
diff --git a/cryptfs/cryptfs_names.go b/cryptfs/cryptfs_names.go
index 5476b17..a7a9a8c 100644
--- a/cryptfs/cryptfs_names.go
+++ b/cryptfs/cryptfs_names.go
@@ -102,14 +102,20 @@ func (be *CryptFS) translatePath(path string, op bool) (string, error) {
return strings.Join(translatedParts, "/"), err
}
-// EncryptPath - encrypt filename or path. Just hands it to TranslatePath().
+// EncryptPath - encrypt filename or path. Just hands it to translatePath().
func (be *CryptFS) EncryptPath(path string) string {
+ if be.plaintextNames {
+ return path
+ }
newPath, _ := be.translatePath(path, ENCRYPT)
return newPath
}
-// DecryptPath - decrypt filename or path. Just hands it to TranslatePath().
+// DecryptPath - decrypt filename or path. Just hands it to translatePath().
func (be *CryptFS) DecryptPath(path string) (string, error) {
+ if be.plaintextNames {
+ return path, nil
+ }
return be.translatePath(path, DECRYPT)
}
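Review bot: The updated doc comments on EncryptPath and DecryptPath still say the functions just hand the path to translatePath(), which is no longer true when `be.plaintextNames` is set. Both now return the input untouched, so names reach the backing storage in cleartext and whatever per-component handling translatePath performs is skipped. Suggested wording: `// EncryptPath - encrypt filename or path. In plaintextNames mode the path is returned unchanged; otherwise it is handed to translatePath().`, with the matching line for DecryptPath. The commit message mentions forbidding access to "gocryptfs.conf" in the root dir, which matters because of this passthrough; that check is not in the files shown here, so it is worth confirming that it runs before these functions are reached.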