authorJakob Unterwurzacher2016-09-19 23:40:43 +0200
committerJakob Unterwurzacher2016-09-25 16:43:17 +0200
commitbe9dfe3a894bd00a2157bfc3dd19e98bcc171691 (patch)
treee8eb9a0858af41aaeb41b11ea379a074417fca03 /internal/fusefrontend_reverse/rpath.go
parent10f38e88707f3a1f1ad69769219839a30a80c165 (diff)
reverse: implement dynamic diriv
Introduce a unique per-directory diriv that is generated by hashing the encrypted directory path.
Diffstat (limited to 'internal/fusefrontend_reverse/rpath.go')
-rw-r--r--internal/fusefrontend_reverse/rpath.go47
1 files changed, 10 insertions, 37 deletions
diff --git a/internal/fusefrontend_reverse/rpath.go b/internal/fusefrontend_reverse/rpath.go
index 7e11ca3..a15b31a 100644
--- a/internal/fusefrontend_reverse/rpath.go
+++ b/internal/fusefrontend_reverse/rpath.go
@@ -2,18 +2,11 @@ package fusefrontend_reverse
import (
"encoding/base64"
- "fmt"
"path/filepath"
"strings"
"syscall"
)
-var zeroDirIV []byte
-
-func init() {
- zeroDirIV = make([]byte, 16)
-}
-
func (rfs *reverseFS) abs(relPath string, err error) (string, error) {
if err != nil {
return "", err
@@ -21,45 +14,25 @@ func (rfs *reverseFS) abs(relPath string, err error) (string, error) {
return filepath.Join(rfs.args.Cipherdir, relPath), nil
}
-const (
- ENCRYPT = iota
- DECRYPT
-)
-
-func (rfs *reverseFS) encryptPath(relPath string) (string, error) {
- return rfs.transformPath(relPath, ENCRYPT)
-}
-
func (rfs *reverseFS) decryptPath(relPath string) (string, error) {
- return rfs.transformPath(relPath, DECRYPT)
-}
-
-func (rfs *reverseFS) transformPath(relPath string, direction int) (string, error) {
if rfs.args.PlaintextNames || relPath == "" {
return relPath, nil
}
var err error
var transformedParts []string
parts := strings.Split(relPath, "/")
- for _, part := range parts {
+ for i, part := range parts {
var transformedPart string
- switch direction {
- case ENCRYPT:
- transformedPart = rfs.nameTransform.EncryptName(part, zeroDirIV)
- case DECRYPT:
- transformedPart, err = rfs.nameTransform.DecryptName(part, zeroDirIV)
- if err != nil {
- // We get lots of decrypt requests for names like ".Trash" that
- // are invalid base64. Convert them to ENOENT so the correct
- // error gets returned to the user.
- if _, ok := err.(base64.CorruptInputError); ok {
- fmt.Printf("converting to ENOENT\n")
- return "", syscall.ENOENT
- }
- return "", err
+ dirIV := deriveDirIV(filepath.Join(parts[:i]...))
+ transformedPart, err = rfs.nameTransform.DecryptName(part, dirIV)
+ if err != nil {
+ // We get lots of decrypt requests for names like ".Trash" that
+ // are invalid base64. Convert them to ENOENT so the correct
+ // error gets returned to the user.
+ if _, ok := err.(base64.CorruptInputError); ok {
+ return "", syscall.ENOENT
}
- default:
- panic("bug: invalid direction value")
+ return "", err
}
transformedParts = append(transformedParts, transformedPart)
}
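Review bot: In the new `decryptPath` loop only `base64.CorruptInputError` is converted to `syscall.ENOENT`; every other `DecryptName` failure still leaves through `return "", err`. Now that each component is decrypted under an IV derived from its encrypted parent path, a looked-up name that is valid base64 but does not decrypt under that IV (or an empty component from a doubled slash) would presumably take that second path, and the errno the caller reports for such a non-errno error is not visible here. I would map those name-decryption failures to ENOENT too, e.g. `return "", syscall.ENOENT` after recording the original error, so that a nonexistent name always yields the same result regardless of how decryption failed. The `deriveDirIV` line would also benefit from a comment such as `// parts[:i] is the still-encrypted parent path; it is "" for the top-level component`. The function body continues past the end of this hunk.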