gocryptfs-xray: integrate ctlsock path encryption/decryption

Implementation seems to work ok, but is missing tests and
documentation for now.
I will only delete ctlsock-encrypt.bash when both are
done.

https://github.com/rfjakob/gocryptfs/issues/416

2 files changed, 76 insertions, 4 deletions

diff --git a/gocryptfs-xray/paths_ctlsock.go b/gocryptfs-xray/paths_ctlsock.go
new file mode 100644
index 0000000..3c69ec3
--- /dev/null
+++ b/gocryptfs-xray/paths_ctlsock.go
@@ -0,0 +1,43 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+
+	"github.com/rfjakob/gocryptfs/ctlsock"
+)
+
+func decryptPaths(socketPath string) {
+	var req ctlsock.RequestStruct
+	transformPaths(socketPath, &req, &req.DecryptPath)
+}
+
+func encryptPaths(socketPath string) {
+	var req ctlsock.RequestStruct
+	transformPaths(socketPath, &req, &req.EncryptPath)
+}
+
+func transformPaths(socketPath string, req *ctlsock.RequestStruct, in *string) {
+	c, err := ctlsock.New(socketPath)
+	if err != nil {
+		fmt.Printf("fatal: %v\n", err)
+		os.Exit(1)
+	}
+	line := 0
+	scanner := bufio.NewScanner(os.Stdin)
+	for scanner.Scan() {
+		line++
+		*in = scanner.Text()
+		resp, err := c.Query(req)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "error at input line %d %q: %v\n", line, *in, err)
+			continue
+		}
+		if resp.WarnText != "" {
+			fmt.Fprintf(os.Stderr, "warning at input line %d %q: %v\n", line, *in, resp.WarnText)
+		}
+		fmt.Println(resp.Result)
+	}
+	os.Exit(0)
+}
diff --git a/gocryptfs-xray/xray_main.go b/gocryptfs-xray/xray_main.go
index 34f695b..0777524 100644
--- a/gocryptfs-xray/xray_main.go
+++ b/gocryptfs-xray/xray_main.go
@@ -49,25 +49,54 @@ func usage() {
 		"  gocryptfs-xray -dumpmasterkey myfs/gocryptfs.conf\n")
 }
 
+// sum counts the number of true values
+func sum(x ...*bool) (s int) {
+	for _, v := range x {
+		if *v {
+			s++
+		}
+	}
+	return s
+}
+
 func main() {
-	dumpmasterkey := flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key")
-	aessiv := flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM")
+	var args struct {
+		dumpmasterkey *bool
+		decryptPaths  *bool
+		encryptPaths  *bool
+		aessiv        *bool
+	}
+	args.dumpmasterkey = flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key")
+	args.decryptPaths = flag.Bool("decrypt-paths", false, "Decrypt file paths using gocryptfs control socket")
+	args.encryptPaths = flag.Bool("encrypt-paths", false, "Encrypt file paths using gocryptfs control socket")
+	args.aessiv = flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM")
 	flag.Usage = usage
 	flag.Parse()
+	s := sum(args.dumpmasterkey, args.decryptPaths, args.encryptPaths)
+	if s > 1 {
+		fmt.Printf("fatal: %d operations were requested\n", s)
+		os.Exit(1)
+	}
 	if flag.NArg() != 1 {
 		usage()
 		os.Exit(1)
 	}
 	fn := flag.Arg(0)
+	if *args.decryptPaths {
+		decryptPaths(fn)
+	}
+	if *args.encryptPaths {
+		encryptPaths(fn)
+	}
 	fd, err := os.Open(fn)
 	if err != nil {
 		errExit(err)
 	}
 	defer fd.Close()
-	if *dumpmasterkey {
+	if *args.dumpmasterkey {
 		dumpMasterKey(fn)
 	} else {
-		inspectCiphertext(fd, *aessiv)
+		inspectCiphertext(fd, *args.aessiv)
 	}
 }