1 files changed, 52 insertions, 0 deletions

diff --git a/internal/fusefrontend/names.go b/internal/fusefrontend/names.go
new file mode 100644
index 0000000..5760c87
--- /dev/null
+++ b/internal/fusefrontend/names.go
@@ -0,0 +1,52 @@
+package fusefrontend
+
+// This file forwards file encryption operations to cryptfs
+
+import (
+	"github.com/rfjakob/gocryptfs/internal/configfile"
+	mylog "github.com/rfjakob/gocryptfs/internal/toggledlog"
+)
+
+// isFiltered - check if plaintext "path" should be forbidden
+//
+// Prevents name clashes with internal files when file names are not encrypted
+func (fs *FS) isFiltered(path string) bool {
+	if !fs.args.PlaintextNames {
+		return false
+	}
+	// gocryptfs.conf in the root directory is forbidden
+	if path == configfile.ConfDefaultName {
+		mylog.Info.Printf("The name /%s is reserved when -plaintextnames is used\n",
+			configfile.ConfDefaultName)
+		return true
+	}
+	// Note: gocryptfs.diriv is NOT forbidden because diriv and plaintextnames
+	// are exclusive
+	return false
+}
+
+// encryptPath - encrypt relative plaintext path
+func (fs *FS) encryptPath(plainPath string) (string, error) {
+	if fs.args.PlaintextNames {
+		return plainPath, nil
+	}
+	if !fs.args.DirIV {
+		return fs.nameTransform.EncryptPathNoIV(plainPath), nil
+	}
+	fs.dirIVLock.RLock()
+	defer fs.dirIVLock.RUnlock()
+	return fs.nameTransform.EncryptPathDirIV(plainPath, fs.args.Cipherdir)
+}
+
+// decryptPath - decrypt relative ciphertext path
+func (fs *FS) decryptPath(cipherPath string) (string, error) {
+	if fs.args.PlaintextNames {
+		return cipherPath, nil
+	}
+	if !fs.args.DirIV {
+		return fs.nameTransform.DecryptPathNoIV(cipherPath)
+	}
+	fs.dirIVLock.RLock()
+	defer fs.dirIVLock.RUnlock()
+	return fs.nameTransform.DecryptPathDirIV(cipherPath, fs.args.Cipherdir, fs.args.EMENames)
+}