summaryrefslogtreecommitdiff
path: root/pathfs_frontend/names.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2015-12-08 16:13:29 +0100
committerJakob Unterwurzacher2015-12-08 16:17:04 +0100
commitc6dacd6f913b4c6eb7a8917af49190dce32db108 (patch)
treec0fd9a08f42c37bd977b95d2bb0a7c96226045c1 /pathfs_frontend/names.go
parentff8c81f95b311eb1cd9c822202519f1a90a8cdd4 (diff)
Add EME filename encryption & enable it by default
Diffstat (limited to 'pathfs_frontend/names.go')
-rw-r--r--pathfs_frontend/names.go35
1 files changed, 31 insertions, 4 deletions
diff --git a/pathfs_frontend/names.go b/pathfs_frontend/names.go
index bb73ff4..e1783a6 100644
--- a/pathfs_frontend/names.go
+++ b/pathfs_frontend/names.go
@@ -6,20 +6,47 @@ import (
"github.com/rfjakob/gocryptfs/cryptfs"
)
+// isFiltered - check if plaintext "path" should be forbidden
+//
+// Prevents name clashes with internal files when file names are not encrypted
+func (fs *FS) isFiltered(path string) bool {
+ if !fs.args.PlaintextNames {
+ return false
+ }
+ // gocryptfs.conf in the root directory is forbidden
+ if path == cryptfs.ConfDefaultName {
+ cryptfs.Warn.Printf("The name /%s is reserved when -plaintextnames is used\n",
+ cryptfs.ConfDefaultName)
+ return true
+ }
+ // Note: gocryptfs.diriv is NOT forbidden because diriv and plaintextnames
+ // are exclusive
+ return false
+}
+
+
+// encryptPath - encrypt relative plaintext path
func (fs *FS) encryptPath(plainPath string) (string, error) {
+ if fs.args.PlaintextNames {
+ return plainPath, nil
+ }
if !fs.args.DirIV {
- return fs.CryptFS.TranslatePathZeroIV(plainPath, cryptfs.OpEncrypt)
+ return fs.CryptFS.EncryptPathNoIV(plainPath), nil
}
fs.dirIVLock.RLock()
defer fs.dirIVLock.RUnlock()
- return fs.CryptFS.EncryptPathDirIV(plainPath, fs.args.Cipherdir)
+ return fs.CryptFS.EncryptPathDirIV(plainPath, fs.args.Cipherdir, fs.args.EMENames)
}
+// decryptPath - decrypt relative ciphertext path
func (fs *FS) decryptPath(cipherPath string) (string, error) {
+ if fs.args.PlaintextNames {
+ return cipherPath, nil
+ }
if !fs.args.DirIV {
- return fs.CryptFS.TranslatePathZeroIV(cipherPath, cryptfs.OpDecrypt)
+ return fs.CryptFS.DecryptPathNoIV(cipherPath)
}
fs.dirIVLock.RLock()
defer fs.dirIVLock.RUnlock()
- return fs.CryptFS.DecryptPathDirIV(cipherPath, fs.args.Cipherdir)
+ return fs.CryptFS.DecryptPathDirIV(cipherPath, fs.args.Cipherdir, fs.args.EMENames)
}