| -rw-r--r-- | Documentation/MANPAGE.md | 5 | ||||
| -rw-r--r-- | internal/fusefrontend/args.go | 1 | ||||
| -rw-r--r-- | internal/fusefrontend/fs.go | 2 | ||||
| -rw-r--r-- | internal/nametransform/names.go | 27 | ||||
| -rw-r--r-- | main.go | 9 | ||||
| -rw-r--r-- | tests/example_filesystems/example_filesystems_test.go | 16 | 
6 files changed, 7 insertions, 53 deletions
|
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index bfc5279..fa62062 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -46,11 +46,6 @@ user_allow_other is set in /etc/fuse.conf. This option is equivalent to
 **-d, -debug**
 :	Enable debug output
-**-emenames**
-:	Use EME filename encryption (default true), implies diriv.
-This flag is useful when recovering old gocryptfs filesystems using
-"-masterkey". It is ignored (stays at the default) otherwise.
-
 **-extpass string**
 :	Use an external program (like ssh-askpass) for the password prompt.
 The program should return the password on stdout, a trailing newline is
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 4f77973..32a335d 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -6,7 +6,6 @@ type Args struct {
 	Cipherdir      string
 	OpenSSL        bool
 	PlaintextNames bool
-	EMENames       bool
 	GCMIV128       bool
 	LongNames      bool
 }
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 4342482..1cf6d7c 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -38,7 +38,7 @@ func NewFS(args Args) *FS {
 	cryptoCore := cryptocore.New(args.Masterkey, args.OpenSSL, args.GCMIV128)
 	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
-	nameTransform := nametransform.New(cryptoCore, args.EMENames, args.LongNames)
+	nameTransform := nametransform.New(cryptoCore, args.LongNames)
 	return &FS{
 		FileSystem:    pathfs.NewLoopbackFileSystem(args.Cipherdir),
diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index 8a7e260..4930488 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -4,7 +4,6 @@ package nametransform
 import (
 	"crypto/aes"
-	"crypto/cipher"
 	"encoding/base64"
 	"fmt"
@@ -15,16 +14,14 @@ import (
 type NameTransform struct {
 	cryptoCore *cryptocore.CryptoCore
-	useEME     bool
 	longNames  bool
 	DirIVCache dirIVCache
 }
-func New(c *cryptocore.CryptoCore, useEME bool, longNames bool) *NameTransform {
+func New(c *cryptocore.CryptoCore, longNames bool) *NameTransform {
 	return &NameTransform{
 		cryptoCore: c,
 		longNames:  longNames,
-		useEME:     useEME,
 	}
 }
@@ -35,28 +32,18 @@ func New(c *cryptocore.CryptoCore, useEME bool, longNames bool) *NameTransform {
 // This function is exported because it allows for a very efficient readdir
 // implementation (read IV once, decrypt all names using this function).
 func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) {
-
 	bin, err := base64.URLEncoding.DecodeString(cipherName)
 	if err != nil {
 		return "", err
 	}
-
 	if len(bin)%aes.BlockSize != 0 {
 		return "", fmt.Errorf("Decoded length %d is not a multiple of the AES block size", len(bin))
 	}
-
-	if n.useEME {
-		bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionDecrypt)
-	} else {
-		cbc := cipher.NewCBCDecrypter(n.cryptoCore.BlockCipher, iv)
-		cbc.CryptBlocks(bin, bin)
-	}
-
+	bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionDecrypt)
 	bin, err = unPad16(bin)
 	if err != nil {
 		return "", err
 	}
-
 	plain := string(bin)
 	return plain, err
 }
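Review bot: DecryptName hands every decoded name to `eme.Transform` after only the `len(bin)%aes.BlockSize != 0` check, which a name that decodes to zero bytes passes, and `iv` is not length-checked at all. Per the comment above it, this function is used on names read back during readdir, so its input comes from the ciphertext directory and should be treated as untrusted; if `eme.Transform` panics rather than returning on an empty input or a wrong-sized tweak (its source is not on this page, worth confirming), a malformed directory entry would take down the mount instead of producing an error. A guard such as `if len(bin) == 0 { return "", fmt.Errorf("empty ciphertext name") }` ahead of the block-size check keeps that case on the error path; the EncryptName hunk at -68,17 passes `iv` through unchecked in the same way. The closing `return plain, err` can only return a nil err at that point and would be clearer as `return string(bin), nil`.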
@@ -68,17 +55,9 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
 // This function is exported because fusefrontend needs access to the full (not hashed)
 // name if longname is used. Otherwise you should use EncryptPathDirIV()
 func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) {
-
 	bin := []byte(plainName)
 	bin = pad16(bin)
-
-	if n.useEME {
-		bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionEncrypt)
-	} else {
-		cbc := cipher.NewCBCEncrypter(n.cryptoCore.BlockCipher, iv)
-		cbc.CryptBlocks(bin, bin)
-	}
-
+	bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionEncrypt)
 	cipherName64 = base64.URLEncoding.EncodeToString(bin)
 	return cipherName64
 }
@@ -42,7 +42,7 @@ const (
 type argContainer struct {
 	debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
-	plaintextnames, quiet, emenames, gcmiv128, nosyslog, wpanic,
+	plaintextnames, quiet, gcmiv128, nosyslog, wpanic,
 	longnames, allow_other, ro bool
 	masterkey, mountpoint, cipherdir, cpuprofile, config, extpass,
 	memprofile string
@@ -174,7 +174,6 @@ func main() {
 	flagSet.BoolVar(&args.plaintextnames, "plaintextnames", false, "Do not encrypt file names")
 	flagSet.BoolVar(&args.quiet, "q", false, "")
 	flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages")
-	flagSet.BoolVar(&args.emenames, "emenames", true, "Use EME filename encryption. This option implies diriv.")
 	flagSet.BoolVar(&args.gcmiv128, "gcmiv128", true, "Use an 128-bit IV for GCM encryption instead of Go's default of 96 bits")
 	flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background")
 	flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately")
@@ -369,7 +368,6 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
 		Masterkey:      key,
 		OpenSSL:        args.openssl,
 		PlaintextNames: args.plaintextnames,
-		EMENames:       args.emenames,
 		GCMIV128:       args.gcmiv128,
 		LongNames:      args.longnames,
 	}
@@ -377,13 +375,8 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
 	if confFile != nil {
 		// Settings from the config file override command line args
 		frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
-		frontendArgs.EMENames = confFile.IsFeatureFlagSet(configfile.FlagEMENames)
 		frontendArgs.GCMIV128 = confFile.IsFeatureFlagSet(configfile.FlagGCMIV128)
 	}
-	// PlainTexnames disables EMENames
-	if frontendArgs.PlaintextNames {
-		frontendArgs.EMENames = false
-	}
 	jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t")
 	tlog.Debug.Printf("frontendArgs: %s", string(jsonBytes))
diff --git a/tests/example_filesystems/example_filesystems_test.go b/tests/example_filesystems/example_filesystems_test.go
index d91a040..0132da0 100644
--- a/tests/example_filesystems/example_filesystems_test.go
+++ b/tests/example_filesystems/example_filesystems_test.go
@@ -104,24 +104,12 @@ func TestExampleFSv04(t *testing.T) {
 // Test example_filesystems/v0.5
 // with password mount and -masterkey mount
 func TestExampleFSv05(t *testing.T) {
-	pDir := test_helpers.TmpDir + "TestExampleFsV05/"
 	cDir := "v0.5"
-	err := os.Mkdir(pDir, 0777)
-	if err != nil {
-		t.Fatal(err)
-	}
-	err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
+	pDir := test_helpers.TmpDir + cDir
+	err := test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
 	if err == nil {
 		t.Errorf("Mounting deprecated FS should fail")
 	}
-	test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey", "199eae55-36bff4af-83b9a3a2-4fa16f65-"+
-		"1549ccdb-2d08d1f0-b1b26965-1b61f896", "-emenames=false", "-gcmiv128=false")
-	checkExampleFS(t, pDir, true)
-	test_helpers.Unmount(pDir)
-	err = os.Remove(pDir)
-	if err != nil {
-		t.Error(err)
-	}
 }
 // Test example_filesystems/v0.6
|
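Review bot: TestExampleFSv05 no longer creates pDir before calling `test_helpers.Mount`, so unless that helper creates the mountpoint itself (not visible in this hunk) the mount can fail simply because the directory is missing, and the test would pass without ever exercising the rejection of the deprecated filesystem. Creating pDir first, or asserting on the reason for the failure, would make the `err == nil` check meaningful. If the mount unexpectedly succeeds, `t.Errorf` reports it but nothing unmounts pDir; calling `test_helpers.Unmount(pDir)` inside that branch avoids leaving a stale mount behind for later tests. The comment above the function still reads `with password mount and -masterkey mount`, which no longer matches what the test does.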
