aboutsummaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
authorJakob Unterwurzacher2018-02-17 16:26:35 +0100
committerJakob Unterwurzacher2018-02-18 11:21:58 +0100
commit719693ec5dd1153318606f151915231d71ddfe0b (patch)
tree95dbe7fcbefaf4ea446f528ce9ed194d08a378ae /internal
parenteeed4b4bef64059e5a52f4ceaa0d3a52b197349a (diff)
fusefrontend[_reverse]: move crypto init up to caller
Both fusefrontend and fusefrontend_reverse were doing essentially the same thing, move it into main's initFuseFrontend. A side-effect is that we have a reference to cryptocore in main, which will help with wiping the keys on exit (https://github.com/rfjakob/gocryptfs/issues/211).
Diffstat (limited to 'internal')
-rw-r--r--internal/fusefrontend/args.go9
-rw-r--r--internal/fusefrontend/fs.go12
-rw-r--r--internal/fusefrontend_reverse/rfs.go14
3 files changed, 6 insertions, 29 deletions
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index fc9de73..8a64e99 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -2,7 +2,6 @@ package fusefrontend
import (
"github.com/hanwen/go-fuse/fuse"
- "github.com/rfjakob/gocryptfs/internal/cryptocore"
)
// Args is a container for arguments that are passed from main() to fusefrontend
@@ -10,7 +9,6 @@ type Args struct {
// Cipherdir is the backing storage directory (absolute path).
// For reverse mode, Cipherdir actually contains *plaintext* files.
Cipherdir string
- CryptoBackend cryptocore.AEADTypeEnum
PlaintextNames bool
LongNames bool
// Should we chown a file after it has been created?
@@ -26,15 +24,8 @@ type Args struct {
// location. If it is false, reverse mode maps ".gocryptfs.reverse.conf"
// to "gocryptfs.conf" in the plaintext dir.
ConfigCustom bool
- // Raw64 is true when RawURLEncoding (without padding) should be used for
- // file names.
- // Corresponds to the Raw64 feature flag introduced in gocryptfs v1.2.
- Raw64 bool
// NoPrealloc disables automatic preallocation before writing
NoPrealloc bool
- // Use HKDF key derivation.
- // Corresponds to the HKDF feature flag introduced in gocryptfs v1.3.
- HKDF bool
// Try to serialize read operations, "-serialize_reads"
SerializeReads bool
// Force decode even if integrity check fails (openSSL only)
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 8b0bb2e..b09ed83 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -17,7 +17,6 @@ import (
"github.com/hanwen/go-fuse/fuse/pathfs"
"github.com/rfjakob/gocryptfs/internal/contentenc"
- "github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/nametransform"
"github.com/rfjakob/gocryptfs/internal/serialize_reads"
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
@@ -44,20 +43,15 @@ type FS struct {
var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
// NewFS returns a new encrypted FUSE overlay filesystem.
-func NewFS(masterkey []byte, args Args) *FS {
- cryptoCore := cryptocore.New(masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, args.ForceDecode)
- contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS, args.ForceDecode)
- nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
-
+func NewFS(args Args, c *contentenc.ContentEnc, n *nametransform.NameTransform) *FS {
if args.SerializeReads {
serialize_reads.InitSerializer()
}
-
return &FS{
FileSystem: pathfs.NewLoopbackFileSystem(args.Cipherdir),
args: args,
- nameTransform: nameTransform,
- contentEnc: contentEnc,
+ nameTransform: n,
+ contentEnc: c,
}
}
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index 1523c18..b281c76 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -2,7 +2,6 @@ package fusefrontend_reverse
import (
"fmt"
- "log"
"path/filepath"
"syscall"
@@ -42,22 +41,15 @@ var _ pathfs.FileSystem = &ReverseFS{}
// NewFS returns an encrypted FUSE overlay filesystem.
// In this case (reverse mode) the backing directory is plain-text and
// ReverseFS provides an encrypted view.
-func NewFS(masterkey []byte, args fusefrontend.Args) *ReverseFS {
- if args.CryptoBackend != cryptocore.BackendAESSIV {
- log.Panic("reverse mode must use AES-SIV, everything else is insecure")
- }
+func NewFS(args fusefrontend.Args, c *contentenc.ContentEnc, n *nametransform.NameTransform) *ReverseFS {
initLongnameCache()
- cryptoCore := cryptocore.New(masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, false)
- contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS, false)
- nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
-
return &ReverseFS{
// pathfs.defaultFileSystem returns ENOSYS for all operations
FileSystem: pathfs.NewDefaultFileSystem(),
loopbackfs: pathfs.NewLoopbackFileSystem(args.Cipherdir),
args: args,
- nameTransform: nameTransform,
- contentEnc: contentEnc,
+ nameTransform: n,
+ contentEnc: c,
}
}