diff options
author | Jakob Unterwurzacher | 2015-12-08 16:13:29 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2015-12-08 16:17:04 +0100 |
commit | c6dacd6f913b4c6eb7a8917af49190dce32db108 (patch) | |
tree | c0fd9a08f42c37bd977b95d2bb0a7c96226045c1 /pathfs_frontend/names.go | |
parent | ff8c81f95b311eb1cd9c822202519f1a90a8cdd4 (diff) |
Add EME filename encryption & enable it by default
Diffstat (limited to 'pathfs_frontend/names.go')
-rw-r--r-- | pathfs_frontend/names.go | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/pathfs_frontend/names.go b/pathfs_frontend/names.go index bb73ff4..e1783a6 100644 --- a/pathfs_frontend/names.go +++ b/pathfs_frontend/names.go @@ -6,20 +6,47 @@ import ( "github.com/rfjakob/gocryptfs/cryptfs" ) +// isFiltered - check if plaintext "path" should be forbidden +// +// Prevents name clashes with internal files when file names are not encrypted +func (fs *FS) isFiltered(path string) bool { + if !fs.args.PlaintextNames { + return false + } + // gocryptfs.conf in the root directory is forbidden + if path == cryptfs.ConfDefaultName { + cryptfs.Warn.Printf("The name /%s is reserved when -plaintextnames is used\n", + cryptfs.ConfDefaultName) + return true + } + // Note: gocryptfs.diriv is NOT forbidden because diriv and plaintextnames + // are exclusive + return false +} + + +// encryptPath - encrypt relative plaintext path func (fs *FS) encryptPath(plainPath string) (string, error) { + if fs.args.PlaintextNames { + return plainPath, nil + } if !fs.args.DirIV { - return fs.CryptFS.TranslatePathZeroIV(plainPath, cryptfs.OpEncrypt) + return fs.CryptFS.EncryptPathNoIV(plainPath), nil } fs.dirIVLock.RLock() defer fs.dirIVLock.RUnlock() - return fs.CryptFS.EncryptPathDirIV(plainPath, fs.args.Cipherdir) + return fs.CryptFS.EncryptPathDirIV(plainPath, fs.args.Cipherdir, fs.args.EMENames) } +// decryptPath - decrypt relative ciphertext path func (fs *FS) decryptPath(cipherPath string) (string, error) { + if fs.args.PlaintextNames { + return cipherPath, nil + } if !fs.args.DirIV { - return fs.CryptFS.TranslatePathZeroIV(cipherPath, cryptfs.OpDecrypt) + return fs.CryptFS.DecryptPathNoIV(cipherPath) } fs.dirIVLock.RLock() defer fs.dirIVLock.RUnlock() - return fs.CryptFS.DecryptPathDirIV(cipherPath, fs.args.Cipherdir) + return fs.CryptFS.DecryptPathDirIV(cipherPath, fs.args.Cipherdir, fs.args.EMENames) } |