author | Jakob Unterwurzacher | 2016-09-19 23:40:43 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2016-09-25 16:43:17 +0200 |
commit | be9dfe3a894bd00a2157bfc3dd19e98bcc171691 (patch) | |
tree | e8eb9a0858af41aaeb41b11ea379a074417fca03 /internal/fusefrontend_reverse/rpath.go | |
parent | 10f38e88707f3a1f1ad69769219839a30a80c165 (diff) |
reverse: implement dynamic diriv
Introduce a unique per-directory diriv that is generated
by hashing the encrypted directory path.
Diffstat (limited to 'internal/fusefrontend_reverse/rpath.go')
-rw-r--r-- | internal/fusefrontend_reverse/rpath.go | 47 |
1 files changed, 10 insertions, 37 deletions
diff --git a/internal/fusefrontend_reverse/rpath.go b/internal/fusefrontend_reverse/rpath.go
index 7e11ca3..a15b31a 100644
--- a/internal/fusefrontend_reverse/rpath.go
+++ b/internal/fusefrontend_reverse/rpath.go
@@ -2,18 +2,11 @@ package fusefrontend_reverse
 
 import (
 "encoding/base64"
- "fmt"
 "path/filepath"
 "strings"
 "syscall"
 )
 
-var zeroDirIV []byte
-
-func init() {
- zeroDirIV = make([]byte, 16)
-}
-
 func (rfs *reverseFS) abs(relPath string, err error) (string, error) {
 if err != nil {
 return "", err
@@ -21,45 +14,25 @@ func (rfs *reverseFS) abs(relPath string, err error) (string, error) {
 return filepath.Join(rfs.args.Cipherdir, relPath), nil
 }
 
-const (
- ENCRYPT = iota
- DECRYPT
-)
-
-func (rfs *reverseFS) encryptPath(relPath string) (string, error) {
- return rfs.transformPath(relPath, ENCRYPT)
-}
-
 func (rfs *reverseFS) decryptPath(relPath string) (string, error) {
- return rfs.transformPath(relPath, DECRYPT)
-}
-
-func (rfs *reverseFS) transformPath(relPath string, direction int) (string, error) {
 if rfs.args.PlaintextNames || relPath == "" {
 return relPath, nil
 }
 var err error
 var transformedParts []string
 parts := strings.Split(relPath, "/")
- for _, part := range parts {
+ for i, part := range parts {
 var transformedPart string
- switch direction {
- case ENCRYPT:
- transformedPart = rfs.nameTransform.EncryptName(part, zeroDirIV)
- case DECRYPT:
- transformedPart, err = rfs.nameTransform.DecryptName(part, zeroDirIV)
- if err != nil {
- // We get lots of decrypt requests for names like ".Trash" that
- // are invalid base64. Convert them to ENOENT so the correct
- // error gets returned to the user.
- if _, ok := err.(base64.CorruptInputError); ok {
- fmt.Printf("converting to ENOENT\n")
- return "", syscall.ENOENT
- }
- return "", err
+ dirIV := deriveDirIV(filepath.Join(parts[:i]...))
+ transformedPart, err = rfs.nameTransform.DecryptName(part, dirIV)
+ if err != nil {
+ // We get lots of decrypt requests for names like ".Trash" that
+ // are invalid base64. Convert them to ENOENT so the correct
+ // error gets returned to the user.
+ if _, ok := err.(base64.CorruptInputError); ok {
+ return "", syscall.ENOENT
 }
- default:
- panic("bug: invalid direction value")
+ return "", err
 }
 transformedParts = append(transformedParts, transformedPart)
 }
|
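Review bot: In the loop of decryptPath, `deriveDirIV(filepath.Join(parts[:i]...))` feeds the hash a cleaned path rather than the literal prefix of relPath, because filepath.Join applies Clean and uses the OS separator while parts was split on "/". The derived IV is only correct if the code that encrypts a name hashes the byte-identical string, so I would build the input with `dirIV := deriveDirIV(strings.Join(parts[:i], "/"))`, which gives the same result for a clean relative path and cannot silently collapse `.`, `..` or empty components. A one-line comment such as `// Each name is decrypted with the IV of its encrypted parent path; the root's IV is derived from ""` would also document why i == 0 hashes the empty string. deriveDirIV is defined outside this hunk and decryptPath's body continues past it, so whether callers can pass unclean paths is not visible here.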