author | Jakob Unterwurzacher | 2015-11-03 00:00:13 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2015-11-03 00:00:13 +0100 |
commit | de56fe9e3503d98e359551072633c804794b94e1 (patch) | |
tree | c9748200eb69eabd2fbfe1b019380a403f20ccb7 /cryptfs | |
parent | 66db3ad086692d249bdf8e14921760f7a460bb99 (diff) |
Implement PlainTextNames mode
Also, forbid access to "gocryptfs.conf" in the root dir.
Diffstat (limited to 'cryptfs')
-rw-r--r-- | cryptfs/config_file.go | 4 | ||||
-rw-r--r-- | cryptfs/cryptfs.go | 4 | ||||
-rw-r--r-- | cryptfs/cryptfs_names.go | 10 |
3 files changed, 13 insertions, 5 deletions
diff --git a/cryptfs/config_file.go b/cryptfs/config_file.go
index de3054a..a790c51 100644
--- a/cryptfs/config_file.go
+++ b/cryptfs/config_file.go
@@ -76,7 +76,7 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 // Unlock master key using password-based key
 // We use stock go GCM instead of OpenSSL here as speed is not important
 // and we get better error messages
- cfs := NewCryptFS(scryptHash, false)
+ cfs := NewCryptFS(scryptHash, false, false)
 key, err := cfs.DecryptBlock(cf.EncryptedKey, 0, nil)
 if err != nil {
 Warn.Printf("failed to unlock master key: %s\n", err.Error())
@@ -95,7 +95,7 @@ func (cf *ConfFile) EncryptKey(key []byte, password string) {
 scryptHash := cf.ScryptObject.DeriveKey(password)
 // Lock master key using password-based key
- cfs := NewCryptFS(scryptHash, false)
+ cfs := NewCryptFS(scryptHash, false, false)
 cf.EncryptedKey = cfs.EncryptBlock(key, 0, nil)
 }
diff --git a/cryptfs/cryptfs.go b/cryptfs/cryptfs.go
index 9fe492d..ed19b26 100644
--- a/cryptfs/cryptfs.go
+++ b/cryptfs/cryptfs.go
@@ -23,9 +23,10 @@ type CryptFS struct {
 cipherBS uint64
 // Stores an all-zero block of size cipherBS
 allZeroBlock []byte
+ plaintextNames bool
 }
-func NewCryptFS(key []byte, useOpenssl bool) *CryptFS {
+func NewCryptFS(key []byte, useOpenssl bool, plaintextNames bool) *CryptFS {
 if len(key) != KEY_LEN {
 panic(fmt.Sprintf("Unsupported key length %d", len(key)))
@@ -54,6 +55,7 @@ func NewCryptFS(key []byte, useOpenssl bool) *CryptFS {
 plainBS: DEFAULT_PLAINBS,
 cipherBS: uint64(cipherBS),
 allZeroBlock: make([]byte, cipherBS),
+ plaintextNames: plaintextNames,
 }
 }
diff --git a/cryptfs/cryptfs_names.go b/cryptfs/cryptfs_names.go
index 5476b17..a7a9a8c 100644
--- a/cryptfs/cryptfs_names.go
+++ b/cryptfs/cryptfs_names.go
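Review bot: In cryptfs/cryptfs.go (hunk at -23,9) the new `plaintextNames bool` field and the third `NewCryptFS` argument have no comment, although the neighbouring field is documented and this flag decides whether file names are encrypted at all. `NewCryptFS` now takes two adjacent positional bools, so a call site that swaps `useOpenssl` and `plaintextNames` still compiles and silently changes name handling; the two calls in cryptfs/config_file.go pass `false, false`, which looks harmless there only because those lines use `DecryptBlock`/`EncryptBlock` and no path translation. I would add `// plaintextNames disables filename encryption: paths are passed to the backing directory unchanged` above the field and a doc comment on `NewCryptFS` that names each flag. NewCryptFS's body continues outside the hunk.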
@@ -102,14 +102,20 @@ func (be *CryptFS) translatePath(path string, op bool) (string, error) {
 return strings.Join(translatedParts, "/"), err
 }
-// EncryptPath - encrypt filename or path. Just hands it to TranslatePath().
+// EncryptPath - encrypt filename or path. Just hands it to translatePath().
 func (be *CryptFS) EncryptPath(path string) string {
+ if be.plaintextNames {
+ return path
+ }
 newPath, _ := be.translatePath(path, ENCRYPT)
 return newPath
 }
-// DecryptPath - decrypt filename or path. Just hands it to TranslatePath().
+// DecryptPath - decrypt filename or path. Just hands it to translatePath().
 func (be *CryptFS) DecryptPath(path string) (string, error) {
+ if be.plaintextNames {
+ return path, nil
+ }
 return be.translatePath(path, DECRYPT)
 } |
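Review bot: With `plaintextNames` set, `EncryptPath` and `DecryptPath` return the caller's path unchanged, so `DecryptPath` can no longer fail on an on-disk name and nothing in this file rejects a path that names the config file. The commit message says access to "gocryptfs.conf" in the root dir is forbidden, but that check is not in the hunks shown here (the diffstat is limited to cryptfs), so presumably it sits in the calling layer and every caller of these two methods depends on it. The doc comments still say "Just hands it to translatePath()", which is no longer true in this mode. I would reword them along the lines of `// DecryptPath - decrypt filename or path. In plaintextNames mode the path is returned unchanged and never errors; callers must filter "gocryptfs.conf" themselves.` and the same for `EncryptPath`.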