summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--internal/fusefrontend_reverse/rfile.go18
-rw-r--r--internal/pathiv/pathiv.go26
2 files changed, 29 insertions, 15 deletions
diff --git a/internal/fusefrontend_reverse/rfile.go b/internal/fusefrontend_reverse/rfile.go
index b19ad5e..530547a 100644
--- a/internal/fusefrontend_reverse/rfile.go
+++ b/internal/fusefrontend_reverse/rfile.go
@@ -33,11 +33,6 @@ type reverseFile struct {
var inodeTable syncmap.Map
-type derivedIVContainer struct {
- id []byte
- block0IV []byte
-}
-
func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.Status) {
absPath, err := rfs.abs(rfs.decryptPath(relPath))
if err != nil {
@@ -55,14 +50,13 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
}
// See if we have that inode number already in the table
// (even if Nlink has dropped to 1)
- var derivedIVs derivedIVContainer
+ var derivedIVs pathiv.FileIVs
v, found := inodeTable.Load(st.Ino)
if found {
tlog.Debug.Printf("ino%d: newFile: found in the inode table", st.Ino)
- derivedIVs = v.(derivedIVContainer)
+ derivedIVs = v.(pathiv.FileIVs)
} else {
- derivedIVs.id = pathiv.Derive(relPath, pathiv.PurposeFileID)
- derivedIVs.block0IV = pathiv.Derive(relPath, pathiv.PurposeBlock0IV)
+ derivedIVs = pathiv.DeriveFile(relPath)
// Nlink > 1 means there is more than one path to this file.
// Store the derived values so we always return the same data,
// regardless of the path that is used to access the file.
@@ -71,7 +65,7 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
v, found = inodeTable.LoadOrStore(st.Ino, derivedIVs)
if found {
// Another thread has stored a different value before we could.
- derivedIVs = v.(derivedIVContainer)
+ derivedIVs = v.(pathiv.FileIVs)
} else {
tlog.Debug.Printf("ino%d: newFile: Nlink=%d, stored in the inode table", st.Ino, st.Nlink)
}
@@ -79,13 +73,13 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
}
header := contentenc.FileHeader{
Version: contentenc.CurrentVersion,
- ID: derivedIVs.id,
+ ID: derivedIVs.ID,
}
return &reverseFile{
File: nodefs.NewDefaultFile(),
fd: fd,
header: header,
- block0IV: derivedIVs.block0IV,
+ block0IV: derivedIVs.Block0IV,
contentEnc: rfs.contentEnc,
}, fuse.OK
}
diff --git a/internal/pathiv/pathiv.go b/internal/pathiv/pathiv.go
index d2d90a2..aa11b75 100644
--- a/internal/pathiv/pathiv.go
+++ b/internal/pathiv/pathiv.go
@@ -6,13 +6,19 @@ import (
"github.com/rfjakob/gocryptfs/internal/nametransform"
)
+// Purpose identifies for which purpose the IV will be used. This is mixed into the
+// derivation.
type Purpose string
const (
- PurposeDirIV Purpose = "DIRIV"
- PurposeFileID Purpose = "FILEID"
+ // PurposeDirIV means the value will be used as a directory IV
+ PurposeDirIV Purpose = "DIRIV"
+ // PurposeFileID means the value will be used as the file ID in the file header
+ PurposeFileID Purpose = "FILEID"
+ // PurposeSymlinkIV means the value will be used as the IV for symlink encryption
PurposeSymlinkIV Purpose = "SYMLINKIV"
- PurposeBlock0IV Purpose = "BLOCK0IV"
+ // PurposeBlock0IV means the value will be used as the IV of ciphertext block #0.
+ PurposeBlock0IV Purpose = "BLOCK0IV"
)
// Derive derives an IV from an encrypted path by hashing it with sha256
@@ -22,3 +28,17 @@ func Derive(path string, purpose Purpose) []byte {
hash := sha256.Sum256(extended)
return hash[:nametransform.DirIVLen]
}
+
+// FileIVs contains both IVs that are needed to create a file.
+type FileIVs struct {
+ ID []byte
+ Block0IV []byte
+}
+
+// DeriveFile derives both IVs that are needed to create a file and returns them
+// in a container struct.
+func DeriveFile(path string) (fileIVs FileIVs) {
+ fileIVs.ID = Derive(path, PurposeFileID)
+ fileIVs.Block0IV = Derive(path, PurposeBlock0IV)
+ return fileIVs
+}