author | Jakob Unterwurzacher | 2015-11-27 23:34:55 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2015-11-28 18:38:06 +0100 |
commit | fe7355f9ee4ae8e52a9b76202e90032d78824f21 (patch) | |
tree | ffa2eed00a684b9985a249654e72bba3f82710db /pathfs_frontend | |
parent | b3d96b6a208e7679a0e7dc936d76bcec271ecddf (diff) |
diriv: use "DirIV" flag to discern and support mounting old filesystems
Diffstat (limited to 'pathfs_frontend')
-rw-r--r-- | pathfs_frontend/fs.go | 11 | ||||
-rw-r--r-- | pathfs_frontend/names.go | 12 |
2 files changed, 18 insertions, 5 deletions
diff --git a/pathfs_frontend/fs.go b/pathfs_frontend/fs.go
index 680b08c..c2b80a3 100644
--- a/pathfs_frontend/fs.go
+++ b/pathfs_frontend/fs.go
@@ -19,6 +19,8 @@ type FS struct {
 *cryptfs.CryptFS
 pathfs.FileSystem // loopbackFileSystem, see go-fuse/fuse/pathfs/loopback.go
 backingDir string // Backing directory, cipherdir
+ // Are per-directory filename IVs enabled?
+ dirIV bool
 // dirIVLock: Lock()ed if any "gocryptfs.diriv" file is modified
 // Readers must RLock() it to prevent them from seeing intermediate
 // states
@@ -26,10 +28,11 @@ type FS struct {
 }
 // Encrypted FUSE overlay filesystem
-func NewFS(key []byte, backing string, useOpenssl bool, plaintextNames bool) *FS {
+func NewFS(key []byte, backing string, useOpenssl bool, plaintextNames bool, dirIV bool) *FS {
 return &FS{
 CryptFS: cryptfs.NewCryptFS(key, useOpenssl, plaintextNames),
 FileSystem: pathfs.NewLoopbackFileSystem(backing),
+ dirIV: dirIV,
 backingDir: backing,
 }
 }
@@ -82,8 +85,8 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
 // silently ignore "gocryptfs.conf" in the top level dir
 continue
 }
- if cName == cryptfs.DIRIV_FILENAME {
- // silently ignore "gocryptfs.diriv" everywhere
+ if fs.dirIV && cName == cryptfs.DIRIV_FILENAME {
+ // silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled
 continue
 }
 name, err := fs.decryptPath(cName)
@@ -227,7 +230,7 @@ func (fs *FS) Mkdir(relPath string, mode uint32, context *fuse.Context) (code fu
 return fuse.ToStatus(err)
 }
 // Create gocryptfs.diriv inside
- err = fs.CryptFS.WriteDirIV(encPath)
+ err = cryptfs.WriteDirIV(encPath)
 if err != nil {
 // This should not happen
 cryptfs.Warn.Printf("Creating %s in dir %s failed: %v\n", cryptfs.DIRIV_FILENAME, encPath, err)
diff --git a/pathfs_frontend/names.go b/pathfs_frontend/names.go
index 9c6e010..122b3dd 100644
--- a/pathfs_frontend/names.go
+++ b/pathfs_frontend/names.go
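Review bot: `NewFS` now takes three adjacent `bool` parameters (`useOpenssl`, `plaintextNames`, `dirIV`) in the `@@ -26,10 +28,11 @@` hunk of fs.go, so a call that passes them in the wrong order still compiles and silently selects a different filename-encryption mode. A doc comment on `NewFS` naming each flag would help, for example `// dirIV: use per-directory filename IVs; false only for filesystems created without the "DirIV" flag`. The callers of `NewFS` are not part of this diff section, so their argument order has to be checked separately.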
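Review bot: The `cryptfs.WriteDirIV(encPath)` call in the Mkdir hunk of fs.go (`@@ -227,7 +230,7 @@`) is not conditioned on `fs.dirIV` in the visible lines, so a filesystem mounted with `dirIV` false would still get a `gocryptfs.diriv` file in every newly created directory. With the OpenDir change in this same commit, that file is no longer skipped when `dirIV` is false and would be passed to `decryptPath` as if it were an encrypted name. Unless Mkdir already returns earlier above the hunk, guard the write, for example `if !fs.dirIV { return fuse.OK }` placed before the `// Create gocryptfs.diriv inside` comment. Mkdir starts and ends outside the hunk, so this needs confirming against the full function.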
@@ -1,14 +1,24 @@
 package pathfs_frontend
-// This file handles filename encryption
+// This file forwards file encryption operations to cryptfs
+
+import (
+ "github.com/rfjakob/gocryptfs/cryptfs"
+)
 func (fs *FS) encryptPath(plainPath string) (string, error) {
+ if !fs.dirIV {
+ return fs.CryptFS.TranslatePathZeroIV(plainPath, cryptfs.OpEncrypt)
+ }
 fs.dirIVLock.RLock()
 defer fs.dirIVLock.RUnlock()
 return fs.CryptFS.EncryptPathDirIV(plainPath, fs.backingDir)
 }
 func (fs *FS) decryptPath(cipherPath string) (string, error) {
+ if !fs.dirIV {
+ return fs.CryptFS.TranslatePathZeroIV(cipherPath, cryptfs.OpDecrypt)
+ }
 fs.dirIVLock.RLock()
 defer fs.dirIVLock.RUnlock()
 return fs.CryptFS.DecryptPathDirIV(cipherPath, fs.backingDir) |
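Review bot: The `!fs.dirIV` branches added to `encryptPath` and `decryptPath` carry no comment saying that `TranslatePathZeroIV` is the compatibility path for filesystems without per-directory IVs. Judging by its name it encrypts names with a fixed IV, which would make equal names in different directories produce the same ciphertext; a line such as `// Legacy mode: no per-directory IV, kept only for filesystems created without "DirIV"` would record that trade-off. The early return also skips `dirIVLock`, which looks intentional since no `gocryptfs.diriv` file is read on that path, but it is worth stating in the same comment. The new header comment says "file encryption" although both functions translate paths, and `decryptPath`'s closing brace is not visible in the hunk.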