Implement -deterministic-names: extended -zerodiriv

-deterministc-names uses all-zero dirivs but does not write them to disk anymore.
author: Jakob Unterwurzacher 2021-08-20 10:57:26 +0200
committer: Jakob Unterwurzacher 2021-08-20 10:58:42 +0200
commit: 195d9d18a90d88ff2cb0530d832c59d98934fd1f (patch)
tree: e226de2355cfdf3f2d3a26411b85a338f2a264ef /internal/nametransform
parent: 8f94083a2114c3aef4bc0320065e0374c420ea4a (diff)
3 files changed, 24 insertions, 16 deletions
diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go
index a288aa5..3a80baa 100644
--- a/internal/nametransform/diriv.go
+++ b/internal/nametransform/diriv.go
@@ -1,6 +1,7 @@
 package nametransform
 
 import (
+	"bytes"
 	"fmt"
 	"io"
 	"os"
@@ -22,7 +23,11 @@ const (
 // ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd".
 // Using the dirfd makes it immune to concurrent renames of the directory.
 // Retries on EINTR.
-func ReadDirIVAt(dirfd int) (iv []byte, err error) {
+// If deterministicNames is set it returns an all-zero slice.
+func (n *NameTransform) ReadDirIVAt(dirfd int) (iv []byte, err error) {
+	if n.deterministicNames {
+		return make([]byte, DirIVLen), nil
+	}
 	fdRaw, err := syscallcompat.Openat(dirfd, DirIVFilename,
 		syscall.O_RDONLY|syscall.O_NOFOLLOW, 0)
 	if err != nil {
@@ -33,6 +38,9 @@ func ReadDirIVAt(dirfd int) (iv []byte, err error) {
 	return fdReadDirIV(fd)
 }
 
+// allZeroDirIV is preallocated to quickly check if the data read from disk is all zero
+var allZeroDirIV = make([]byte, DirIVLen)
+
 // fdReadDirIV reads and verifies the DirIV from an opened gocryptfs.diriv file.
 func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 	// We want to detect if the file is bigger than DirIVLen, so
@@ -46,6 +54,9 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 	if len(iv) != DirIVLen {
 		return nil, fmt.Errorf("wanted %d bytes, got %d", DirIVLen, len(iv))
 	}
+	if bytes.Equal(iv, allZeroDirIV) {
+		return nil, fmt.Errorf("diriv is all-zero")
+	}
 	return iv, nil
 }
 
@@ -53,13 +64,8 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 // "dirfd". On error we try to delete the incomplete file.
 // This function is exported because it is used from fusefrontend, main,
 // and also the automated tests.
-func WriteDirIVAt(dirfd int, randomInitialization bool) error {
-	var iv []byte
-	if randomInitialization {
-		iv = cryptocore.RandBytes(DirIVLen)
-	} else {
-		iv = make([]byte, DirIVLen)
-	}
+func WriteDirIVAt(dirfd int) error {
+	iv := cryptocore.RandBytes(DirIVLen)
 	// 0400 permissions: gocryptfs.diriv should never be modified after creation.
 	// Don't use "ioutil.WriteFile", it causes trouble on NFS:
 	// https://github.com/rfjakob/gocryptfs/commit/7d38f80a78644c8ec4900cc990bfb894387112ed
diff --git a/internal/nametransform/longnames.go b/internal/nametransform/longnames.go
index 74ddb07..bf8060b 100644
--- a/internal/nametransform/longnames.go
+++ b/internal/nametransform/longnames.go
@@ -114,7 +114,7 @@ func ReadLongNameAt(dirfd int, cName string) (string, error) {
 func DeleteLongNameAt(dirfd int, hashName string) error {
 	err := syscallcompat.Unlinkat(dirfd, hashName+LongNameSuffix, 0)
 	if err != nil {
-		tlog.Warn.Printf("DeleteLongName: %v", err)
+		tlog.Warn.Printf("DeleteLongNameAt: %v", err)
 	}
 	return err
 }
@@ -128,7 +128,7 @@ func (n *NameTransform) WriteLongNameAt(dirfd int, hashName string, plainName st
 	plainName = filepath.Base(plainName)
 
 	// Encrypt the basename
-	dirIV, err := ReadDirIVAt(dirfd)
+	dirIV, err := n.ReadDirIVAt(dirfd)
 	if err != nil {
 		return err
 	}
diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index 566f0c7..412ccc0 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -25,11 +25,12 @@ type NameTransform struct {
 	// on the Raw64 feature flag
 	B64 *base64.Encoding
 	// Patterns to bypass decryption
-	badnamePatterns []string
+	badnamePatterns    []string
+	deterministicNames bool
 }
 
 // New returns a new NameTransform instance.
-func New(e *eme.EMECipher, longNames bool, raw64 bool, badname []string) *NameTransform {
+func New(e *eme.EMECipher, longNames bool, raw64 bool, badname []string, deterministicNames bool) *NameTransform {
 	tlog.Debug.Printf("nametransform.New: longNames=%v, raw64=%v, badname=%q",
 		longNames, raw64, badname)
 
@@ -38,10 +39,11 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool, badname []string) *NameTr
 		b64 = base64.RawURLEncoding
 	}
 	return &NameTransform{
-		emeCipher:       e,
-		longNames:       longNames,
-		B64:             b64,
-		badnamePatterns: badname,
+		emeCipher:          e,
+		longNames:          longNames,
+		B64:                b64,
+		badnamePatterns:    badname,
+		deterministicNames: deterministicNames,
 	}
 }
author	Jakob Unterwurzacher	2021-08-20 10:57:26 +0200
committer	Jakob Unterwurzacher	2021-08-20 10:58:42 +0200
commit	195d9d18a90d88ff2cb0530d832c59d98934fd1f (patch)
tree	e226de2355cfdf3f2d3a26411b85a338f2a264ef /internal/nametransform
parent	8f94083a2114c3aef4bc0320065e0374c420ea4a (diff)