| -rw-r--r-- | Documentation/MANPAGE.md | 13 | ||||
| -rw-r--r-- | init_dir.go | 3 | ||||
| -rw-r--r-- | internal/configfile/config_file.go | 7 | ||||
| -rw-r--r-- | internal/configfile/config_test.go | 8 | ||||
| -rw-r--r-- | internal/configfile/feature_flags.go | 1 | ||||
| -rw-r--r-- | mount.go | 1 | ||||
| -rw-r--r-- | tests/cli/cli_test.go | 6 | ||||
| -rw-r--r-- | tests/deterministic_names/deterministic_names_test.go | 14 | 
8 files changed, 39 insertions, 14 deletions
|
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index 07f063e..ab9f872 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -103,6 +103,14 @@ Defaults are fine.
 Use the AES-SIV encryption mode. This is slower than GCM but is
 secure with deterministic nonces as used in "-reverse" mode.
+#### -deterministic-names
+Disable file name randomisation and creation of `gocryptfs.diriv` files.
+This can prevent sync conflicts conflicts when synchronising files, but
+leaks information about identical file names across directories
+("Identical names leak" in https://nuetzlich.net/gocryptfs/comparison/#file-names ).
+
+The resulting `gocryptfs.conf` has "DirIV" missing from "FeatureFlags".
+
 #### -devrandom
 Use `/dev/random` for generating the master key instead of the default Go
 implementation. This is especially useful on embedded systems with Go versions
@@ -545,11 +553,6 @@ useful in regression testing.
 Applies to: all actions.
-#### -zerodiriv
-Create diriv as all-zero files
-
-Applies to: all actions without `-plaintextnames`.
-
 #### \-\-
 Stop option parsing. Helpful when CIPHERDIR may start with a
 dash "-".
diff --git a/init_dir.go b/init_dir.go
index cea7e53..70ba2ed 100644
--- a/init_dir.go
+++ b/init_dir.go
@@ -87,7 +87,8 @@ func initDir(args *argContainer) {
 		}
 		creator := tlog.ProgramName + " " + GitVersion
 		err = configfile.Create(args.config, password, args.plaintextnames,
-			args.scryptn, creator, args.aessiv, args.devrandom, fido2CredentialID, fido2HmacSalt)
+			args.scryptn, creator, args.aessiv, args.devrandom, fido2CredentialID, fido2HmacSalt,
+			args.deterministic_names)
 		if err != nil {
 			tlog.Fatal.Println(err)
 			os.Exit(exitcodes.WriteConf)
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 40dda38..b54bd51 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -80,7 +80,8 @@ func randBytesDevRandom(n int) []byte {
 // "password" and write it to "filename".
 // Uses scrypt with cost parameter logN.
 func Create(filename string, password []byte, plaintextNames bool,
-	logN int, creator string, aessiv bool, devrandom bool, fido2CredentialID []byte, fido2HmacSalt []byte) error {
+	logN int, creator string, aessiv bool, devrandom bool,
+	fido2CredentialID []byte, fido2HmacSalt []byte, deterministicNames bool) error {
 	var cf ConfFile
 	cf.filename = filename
 	cf.Creator = creator
@@ -92,7 +93,9 @@ func Create(filename string, password []byte, plaintextNames bool,
 	if plaintextNames {
 		cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagPlaintextNames])
 	} else {
-		cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagDirIV])
+		if !deterministicNames {
+			cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagDirIV])
+		}
 		cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagEMENames])
 		cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagLongNames])
 		cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagRaw64])
diff --git a/internal/configfile/config_test.go b/internal/configfile/config_test.go
index ce35531..17ca80c 100644
--- a/internal/configfile/config_test.go
+++ b/internal/configfile/config_test.go
@@ -62,7 +62,7 @@ func TestLoadV2StrangeFeature(t *testing.T) {
 }
 func TestCreateConfDefault(t *testing.T) {
-	err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, false, nil, nil)
+	err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, false, nil, nil, false)
 	if err != nil {
 		t.Fatal(err)
 	}
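Review bot: In internal/configfile/config_file.go the doc comment above `Create` is not updated for the new `deterministicNames` parameter, and in the body hunk the parameter is silently ignored whenever `plaintextNames` is true, because the `!deterministicNames` check sits only in the `else` branch. Since this parameter trades file-name confidentiality for sync-friendliness by leaving "DirIV" out of FeatureFlags, I would document it at the definition, e.g. `// If deterministicNames is set, "DirIV" is left out of FeatureFlags (deterministic file names, no gocryptfs.diriv files).` and `// deterministicNames has no effect when plaintextNames is set.` The signature now carries four positional bools, so a transposed argument at a call site still compiles; an options struct would be safer, though that is a wider change than this commit. Create's body continues outside both hunks.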
@@ -83,14 +83,14 @@ func TestCreateConfDefault(t *testing.T) {
 }
 func TestCreateConfDevRandom(t *testing.T) {
-	err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, true, nil, nil)
+	err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, true, nil, nil, false)
 	if err != nil {
 		t.Fatal(err)
 	}
 }
 func TestCreateConfPlaintextnames(t *testing.T) {
-	err := Create("config_test/tmp.conf", testPw, true, 10, "test", false, false, nil, nil)
+	err := Create("config_test/tmp.conf", testPw, true, 10, "test", false, false, nil, nil, false)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -111,7 +111,7 @@ func TestCreateConfPlaintextnames(t *testing.T) {
 // Reverse mode uses AESSIV
 func TestCreateConfFileAESSIV(t *testing.T) {
-	err := Create("config_test/tmp.conf", testPw, false, 10, "test", true, false, nil, nil)
+	err := Create("config_test/tmp.conf", testPw, false, 10, "test", true, false, nil, nil, false)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go
index 5964a53..45e1853 100644
--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@@ -45,7 +45,6 @@ var knownFlags = map[flagIota]string{
 // Filesystems that do not have these feature flags set are deprecated.
 var requiredFlagsNormal = []flagIota{
-	FlagDirIV,
 	FlagEMENames,
 	FlagGCMIV128,
 }
@@ -282,6 +282,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
 	if confFile != nil {
 		// Settings from the config file override command line args
 		frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
+		frontendArgs.DeterministicNames = !confFile.IsFeatureFlagSet(configfile.FlagDirIV)
 		args.raw64 = confFile.IsFeatureFlagSet(configfile.FlagRaw64)
 		args.hkdf = confFile.IsFeatureFlagSet(configfile.FlagHKDF)
 		if confFile.IsFeatureFlagSet(configfile.FlagAESSIV) {
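Review bot: In the initFuseFrontend hunk (the diffstat lists mount.go, but its file header is missing from this page), `DeterministicNames` is derived purely from the absence of "DirIV" in the config file, and the feature_flags.go hunk above drops `FlagDirIV` from `requiredFlagsNormal`, so a config lacking the flag is no longer rejected as deprecated. If FeatureFlags in `gocryptfs.conf` are not integrity-protected (not visible in this diff), an edited or damaged config on an existing filesystem would now mount with name randomisation off instead of failing; consider cross-checking against the presence of `gocryptfs.diriv` in the root of CIPHERDIR before honouring it. The expression is also true for plaintextnames filesystems, which never get "DirIV" in `Create`; `frontendArgs.DeterministicNames = !frontendArgs.PlaintextNames && !confFile.IsFeatureFlagSet(configfile.FlagDirIV)` keeps the two modes distinct. A comment such as `// A missing DirIV flag means the filesystem was created with -deterministic-names` would explain the negation. initFuseFrontend continues outside the hunk.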
diff --git a/tests/cli/cli_test.go b/tests/cli/cli_test.go
index 85a8006..f4162f8 100644
--- a/tests/cli/cli_test.go
+++ b/tests/cli/cli_test.go
@@ -995,3 +995,9 @@ func TestMountCreat(t *testing.T) {
 		test_helpers.UnmountPanic(mnt)
 	}
 }
+
+// Test -init -deterministic-names
+func TestInitDeterministicNames(t *testing.T) {
+	dir := test_helpers.InitFS(t, "-deterministic-names")
+
+}
diff --git a/tests/deterministic_names/deterministic_names_test.go b/tests/deterministic_names/deterministic_names_test.go
index 1b355df..e94b0b6 100644
--- a/tests/deterministic_names/deterministic_names_test.go
+++ b/tests/deterministic_names/deterministic_names_test.go
@@ -3,11 +3,13 @@ package deterministic_names
 // integration tests that target "-deterministic-names" specifically
 import (
+	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
+	"github.com/rfjakob/gocryptfs/internal/configfile"
 	"github.com/rfjakob/gocryptfs/tests/test_helpers"
 )
@@ -19,8 +21,18 @@ var testPw = []byte("test")
 // Create and mount "-deterministic-names" fs
 func TestMain(m *testing.M) {
 	cDir = test_helpers.InitFS(nil, "-deterministic-names")
+	// Check config file sanity
+	_, c, err := configfile.LoadAndDecrypt(cDir+"/"+configfile.ConfDefaultName, testPw)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	if c.IsFeatureFlagSet(configfile.FlagDirIV) {
+		fmt.Println("DirIV flag should be off")
+		os.Exit(1)
+	}
 	pDir = cDir + ".mnt"
-	test_helpers.MountOrExit(cDir, pDir, "-deterministic-names", "-extpass", "echo test")
+	test_helpers.MountOrExit(cDir, pDir, "-extpass", "echo test")
 	r := m.Run()
 	test_helpers.UnmountPanic(pDir)
 	os.Exit(r)
|
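Review bot: `dir` in TestInitDeterministicNames (tests/cli/cli_test.go) is assigned and never used, which the Go compiler rejects as "declared and not used", so the tests/cli package will not build as written. The test also asserts nothing about what `-init -deterministic-names` produced. Either drop the assignment and call `test_helpers.InitFS(t, "-deterministic-names")` on its own, or use the value to check the behaviour the man page text in this commit describes: `if _, err := os.Stat(filepath.Join(dir, "gocryptfs.diriv")); err == nil { t.Error("gocryptfs.diriv should not exist") }` (this assumes `os` and `path/filepath` are already imported in cli_test.go, which the hunk does not show).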
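Review bot: The config path in TestMain (tests/deterministic_names/deterministic_names_test.go) is built as `cDir+"/"+configfile.ConfDefaultName`; the file already imports path/filepath, so `filepath.Join(cDir, configfile.ConfDefaultName)` is the idiomatic form. The two failure messages go to stdout through `fmt.Println`; `fmt.Fprintln(os.Stderr, ...)` would keep them apart from captured test output. A short comment on the `MountOrExit` line, e.g. `// no "-deterministic-names" here: the mount must pick it up from the config file`, would record why the flag was dropped from the mount arguments.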
