author | Jose M Perez | 2021-08-12 22:48:34 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2021-08-19 18:05:54 +0200 |
commit | 8f94083a2114c3aef4bc0320065e0374c420ea4a (patch) | |
tree | d6b56a31e58a99e8a46b4663d6d63b0c3be425b8 /internal | |
parent | 02c91d73ce2c63f999f2c29cf61d55caef19c67b (diff) |
Flag -zerodiriv to create all diriv as all zero byte files
Diffstat (limited to 'internal')
-rw-r--r-- | internal/fusefrontend/args.go | 2 | ||||
-rw-r--r-- | internal/fusefrontend/node_dir_ops.go | 3 | ||||
-rw-r--r-- | internal/nametransform/diriv.go | 16 |
3 files changed, 11 insertions, 10 deletions
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index d92c3ff..02ffddb 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -53,4 +53,6 @@ type Args struct {
 // like rsync's `--one-file-system` does.
 // Only applicable to reverse mode.
 OneFileSystem bool
+ // ZeroDirIV creates diriv files as all-zero files
+ ZeroDirIV bool
 }
diff --git a/internal/fusefrontend/node_dir_ops.go b/internal/fusefrontend/node_dir_ops.go
index 6d03544..b43a4e4 100644
--- a/internal/fusefrontend/node_dir_ops.go
+++ b/internal/fusefrontend/node_dir_ops.go
@@ -35,6 +35,7 @@ func haveDsstore(entries []fuse.DirEntry) bool {
 // should be a handle to the parent directory, cName is the name of the new
 // directory and mode specifies the access permissions to use.
 func (n *Node) mkdirWithIv(dirfd int, cName string, mode uint32, context *fuse.Context) error {
+ rn := n.rootNode()
 // Between the creation of the directory and the creation of gocryptfs.diriv
 // the directory is inconsistent. Take the lock to prevent other readers
@@ -48,7 +49,7 @@ func (n *Node) mkdirWithIv(dirfd int, cName string, mode uint32, context *fuse.C
 dirfd2, err := syscallcompat.Openat(dirfd, cName, syscall.O_DIRECTORY|syscall.O_NOFOLLOW|syscallcompat.O_PATH, 0)
 if err == nil {
 // Create gocryptfs.diriv
- err = nametransform.WriteDirIVAt(dirfd2)
+ err = nametransform.WriteDirIVAt(dirfd2, !rn.args.ZeroDirIV)
 syscall.Close(dirfd2)
 }
 if err != nil {
diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go
index b10c899..a288aa5 100644
--- a/internal/nametransform/diriv.go
+++ b/internal/nametransform/diriv.go
@@ -1,7 +1,6 @@
 package nametransform
 import (
- "bytes"
 "fmt"
 "io"
 "os"
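Review bot: The comment on `ZeroDirIV` in internal/fusefrontend/args.go says what the flag writes but not what it gives up, and this field is where a reader of `Args` learns about it. An all-zero diriv presumably removes the per-directory randomisation of file name encryption, so the same plaintext name would encrypt to the same ciphertext name in every directory; that trade-off belongs in the field comment. Suggested wording: `// ZeroDirIV creates gocryptfs.diriv files as all-zero instead of random. Encrypted names then no longer differ between directories.` It would also help to say that the flag is consulted when a directory is created (mkdirWithIv in node_dir_ops.go reads it at mkdir time), so directories that already exist presumably keep the diriv they have.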
@@ -34,9 +33,6 @@ func ReadDirIVAt(dirfd int) (iv []byte, err error) {
 return fdReadDirIV(fd)
 }
-// allZeroDirIV is preallocated to quickly check if the data read from disk is all zero
-var allZeroDirIV = make([]byte, DirIVLen)
-
 // fdReadDirIV reads and verifies the DirIV from an opened gocryptfs.diriv file.
 func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 // We want to detect if the file is bigger than DirIVLen, so
@@ -50,9 +46,6 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 if len(iv) != DirIVLen {
 return nil, fmt.Errorf("wanted %d bytes, got %d", DirIVLen, len(iv))
 }
- if bytes.Equal(iv, allZeroDirIV) {
- return nil, fmt.Errorf("diriv is all-zero")
- }
 return iv, nil
 }
@@ -60,8 +53,13 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 // "dirfd". On error we try to delete the incomplete file.
 // This function is exported because it is used from fusefrontend, main,
 // and also the automated tests.
-func WriteDirIVAt(dirfd int) error {
- iv := cryptocore.RandBytes(DirIVLen)
+func WriteDirIVAt(dirfd int, randomInitialization bool) error {
+ var iv []byte
+ if randomInitialization {
+ iv = cryptocore.RandBytes(DirIVLen)
+ } else {
+ iv = make([]byte, DirIVLen)
+ }
 // 0400 permissions: gocryptfs.diriv should never be modified after creation.
 // Don't use "ioutil.WriteFile", it causes trouble on NFS:
 // https://github.com/rfjakob/gocryptfs/commit/7d38f80a78644c8ec4900cc990bfb894387112ed |
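Review bot: The all-zero rejection in fdReadDirIV is removed for every filesystem, not only for those using the new flag, so a gocryptfs.diriv of the right length that was zero-filled by corruption or tampering is now returned as a valid IV. Consider keeping `allZeroDirIV` and skipping the check only when zero IVs are expected, for example `if !allowZero && bytes.Equal(iv, allZeroDirIV) { return nil, fmt.Errorf("diriv is all-zero") }`, with the setting passed down through ReadDirIVAt. The callers of ReadDirIVAt are outside this diff, so how much plumbing that needs cannot be judged from here. In WriteDirIVAt the doc comment should describe `randomInitialization`. The one visible caller passes `!rn.args.ZeroDirIV`, and a bare bool with inverted polarity is easy to get wrong at the other call sites the comment names (main and the automated tests).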