-rw-r--r-- | internal/fusefrontend_reverse/rfile.go | 18 | ||||
-rw-r--r-- | internal/pathiv/pathiv.go | 26 |
2 files changed, 29 insertions, 15 deletions
diff --git a/internal/fusefrontend_reverse/rfile.go b/internal/fusefrontend_reverse/rfile.go
index b19ad5e..530547a 100644
--- a/internal/fusefrontend_reverse/rfile.go
+++ b/internal/fusefrontend_reverse/rfile.go
@@ -33,11 +33,6 @@ type reverseFile struct {
 
 var inodeTable syncmap.Map
 
-type derivedIVContainer struct {
-	id []byte
-	block0IV []byte
-}
-
 func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.Status) {
 	absPath, err := rfs.abs(rfs.decryptPath(relPath))
 	if err != nil {
@@ -55,14 +50,13 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
 	}
 	// See if we have that inode number already in the table
 	// (even if Nlink has dropped to 1)
-	var derivedIVs derivedIVContainer
+	var derivedIVs pathiv.FileIVs
 	v, found := inodeTable.Load(st.Ino)
 	if found {
 		tlog.Debug.Printf("ino%d: newFile: found in the inode table", st.Ino)
-		derivedIVs = v.(derivedIVContainer)
+		derivedIVs = v.(pathiv.FileIVs)
 	} else {
-		derivedIVs.id = pathiv.Derive(relPath, pathiv.PurposeFileID)
-		derivedIVs.block0IV = pathiv.Derive(relPath, pathiv.PurposeBlock0IV)
+		derivedIVs = pathiv.DeriveFile(relPath)
 		// Nlink > 1 means there is more than one path to this file.
 		// Store the derived values so we always return the same data,
 		// regardless of the path that is used to access the file.
@@ -71,7 +65,7 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
 		v, found = inodeTable.LoadOrStore(st.Ino, derivedIVs)
 		if found {
 			// Another thread has stored a different value before we could.
-			derivedIVs = v.(derivedIVContainer)
+			derivedIVs = v.(pathiv.FileIVs)
 		} else {
 			tlog.Debug.Printf("ino%d: newFile: Nlink=%d, stored in the inode table", st.Ino, st.Nlink)
 		}
@@ -79,13 +73,13 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
 	}
 	header := contentenc.FileHeader{
 		Version: contentenc.CurrentVersion,
-		ID: derivedIVs.id,
+		ID: derivedIVs.ID,
 	}
 	return &reverseFile{
 		File: nodefs.NewDefaultFile(),
 		fd: fd,
 		header: header,
-		block0IV: derivedIVs.block0IV,
+		block0IV: derivedIVs.Block0IV,
 		contentEnc: rfs.contentEnc,
 	}, fuse.OK
 }
diff --git a/internal/pathiv/pathiv.go b/internal/pathiv/pathiv.go
index d2d90a2..aa11b75 100644
--- a/internal/pathiv/pathiv.go
+++ b/internal/pathiv/pathiv.go
@@ -6,13 +6,19 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/nametransform"
 )
 
+// Purpose identifies for which purpose the IV will be used. This is mixed into the
+// derivation.
 type Purpose string
 
 const (
-	PurposeDirIV Purpose = "DIRIV"
-	PurposeFileID Purpose = "FILEID"
+	// PurposeDirIV means the value will be used as a directory IV
+	PurposeDirIV Purpose = "DIRIV"
+	// PurposeFileID means the value will be used as the file ID in the file header
+	PurposeFileID Purpose = "FILEID"
+	// PurposeSymlinkIV means the value will be used as the IV for symlink encryption
 	PurposeSymlinkIV Purpose = "SYMLINKIV"
-	PurposeBlock0IV Purpose = "BLOCK0IV"
+	// PurposeBlock0IV means the value will be used as the IV of ciphertext block #0.
+	PurposeBlock0IV Purpose = "BLOCK0IV"
 )
 
 // Derive derives an IV from an encrypted path by hashing it with sha256
@@ -22,3 +28,17 @@ func Derive(path string, purpose Purpose) []byte {
 	hash := sha256.Sum256(extended)
 	return hash[:nametransform.DirIVLen]
 }
+
+// FileIVs contains both IVs that are needed to create a file.
+type FileIVs struct {
+	ID []byte
+	Block0IV []byte
+}
+
+// DeriveFile derives both IVs that are needed to create a file and returns them
+// in a container struct.
+func DeriveFile(path string) (fileIVs FileIVs) {
+	fileIVs.ID = Derive(path, PurposeFileID)
+	fileIVs.Block0IV = Derive(path, PurposeBlock0IV)
+	return fileIVs
+}
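Review bot: The doc comment on the new DeriveFile in pathiv.go does not state that both values are a pure function of path, which is exactly the property the caller in rfile.go has to work around with inodeTable (two hardlinked paths to one inode would otherwise get a different ID and Block0IV each). Suggest extending it to `// DeriveFile derives both IVs that are needed to create a file and returns them` / `// in a container struct. Both values depend only on path and a fixed purpose tag,` / `// so two paths to the same inode yield different IVs; see inodeTable in fusefrontend_reverse.` On FileIVs it would also help to say that ID is used as the file-header ID (PurposeFileID) and Block0IV as the IV of ciphertext block #0 (PurposeBlock0IV), so a reader does not have to trace which Derive call fed which field.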