Diffstat (limited to 'internal/fusefrontend')
| -rw-r--r-- | internal/fusefrontend/args.go | 1 | ||||
| -rw-r--r-- | internal/fusefrontend/fs.go | 27 | ||||
| -rw-r--r-- | internal/fusefrontend/fs_dir.go | 12 | ||||
| -rw-r--r-- | internal/fusefrontend/names.go | 6 | 
4 files changed, 9 insertions, 37 deletions
|
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 8520592..4f77973 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -6,7 +6,6 @@ type Args struct {
 	Cipherdir      string
 	OpenSSL        bool
 	PlaintextNames bool
-	DirIV          bool
 	EMENames       bool
 	GCMIV128       bool
 	LongNames      bool
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 26c9252..4342482 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -249,17 +249,10 @@ func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status f
 	if status != fuse.OK {
 		return "", status
 	}
-	// Old filesystem: symlinks are encrypted like paths (CBC)
-	if !fs.args.DirIV {
-		var target string
-		target, err = fs.decryptPath(cTarget)
-		if err != nil {
-			tlog.Warn.Printf("Readlink: CBC decryption failed: %v", err)
-			return "", fuse.EIO
-		}
-		return target, fuse.OK
+	if fs.args.PlaintextNames {
+		return cTarget, fuse.OK
 	}
-	// Since gocryptfs v0.5 symlinks are encrypted like file contents (GCM)
+	// Symlinks are encrypted like file contents (GCM) and base64-encoded
 	cBinTarget, err := base64.URLEncoding.DecodeString(cTarget)
 	if err != nil {
 		tlog.Warn.Printf("Readlink: %v", err)
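Review bot: The new `if fs.args.PlaintextNames` branch in Readlink returns `cTarget` before any base64 or GCM step and carries no comment saying so; the matching branch in the Symlink hunk likewise passes `target` to `os.Symlink` as-is. In this mode the link target sits in the backing directory unencrypted and unauthenticated, so anyone able to write there can repoint a link without detection. I would add `// PlaintextNames: symlink targets are stored as-is, neither encrypted nor authenticated` above both branches. Readlink's body starts and ends outside the hunk, so how `cTarget` is obtained is not visible here.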
@@ -316,19 +309,11 @@ func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (co
 	if err != nil {
 		return fuse.ToStatus(err)
 	}
-	// Before v0.5, symlinks were encrypted like paths (CBC)
-	// TODO drop compatibility and simplify code?
-	if !fs.args.DirIV {
-		var cTarget string
-		cTarget, err = fs.encryptPath(target)
-		if err != nil {
-			tlog.Warn.Printf("Symlink: BUG: we should not get an error here: %v", err)
-			return fuse.ToStatus(err)
-		}
-		err = os.Symlink(cTarget, cPath)
+	if fs.args.PlaintextNames {
+		err = os.Symlink(target, cPath)
 		return fuse.ToStatus(err)
 	}
-
+	// Symlinks are encrypted like file contents (GCM) and base64-encoded
 	cBinTarget := fs.contentEnc.EncryptBlock([]byte(target), 0, nil)
 	cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
diff --git a/internal/fusefrontend/fs_dir.go b/internal/fusefrontend/fs_dir.go
index f77486d..80a66ca 100644
--- a/internal/fusefrontend/fs_dir.go
+++ b/internal/fusefrontend/fs_dir.go
@@ -46,9 +46,6 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu
 	if err != nil {
 		return fuse.ToStatus(err)
 	}
-	if !fs.args.DirIV {
-		return fuse.ToStatus(os.Mkdir(cPath, os.FileMode(mode)))
-	}
 	// We need write and execute permissions to create gocryptfs.diriv
 	origMode := mode
 	mode = mode | 0300
@@ -98,9 +95,6 @@ func (fs *FS) Rmdir(path string, context *fuse.Context) (code fuse.Status) {
 	if err != nil {
 		return fuse.ToStatus(err)
 	}
-	if !fs.args.DirIV {
-		return fuse.ToStatus(syscall.Rmdir(cPath))
-	}
 	parentDir := filepath.Dir(cPath)
 	parentDirFd, err := os.Open(parentDir)
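Review bot: The comment added above `EncryptBlock([]byte(target), 0, nil)` in Symlink says targets are encrypted like file contents, but the call passes a fixed `0` and `nil` where file blocks would presumably carry a block number and a file ID. If those two arguments feed the GCM associated data, every symlink target is sealed under the same context, so one link's ciphertext would authenticate in place of another's. That is worth stating next to the call, e.g. `// NOTE: block number 0 and nil file ID: the ciphertext is not bound to this link's path`. Symlink continues past the end of the hunk.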
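Review bot: Mkdir loses its only visible early return in this hunk, so a PlaintextNames mount now falls through to the gocryptfs.diriv creation path and the `mode | 0300` widening; the Rmdir hunk drops its plain `syscall.Rmdir` return the same way. The Readlink, Symlink and OpenDir hunks replace `!fs.args.DirIV` with a PlaintextNames test, but these two only delete it, and the 12 changed lines the diffstat reports for fs_dir.go are all accounted for by the visible hunks. Unless a PlaintextNames check already exists outside the hunks, restore it as `if fs.args.PlaintextNames { return fuse.ToStatus(os.Mkdir(cPath, os.FileMode(mode))) }` in Mkdir and `if fs.args.PlaintextNames { return fuse.ToStatus(syscall.Rmdir(cPath)) }` in Rmdir. Both function bodies start and end outside their hunks.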
@@ -215,10 +209,10 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
 	if cipherEntries == nil {
 		return nil, status
 	}
-	// Get DirIV (stays nil if DirIV if off)
+	// Get DirIV (stays nil if PlaintextNames is used)
 	var cachedIV []byte
 	var cDirAbsPath string
-	if fs.args.DirIV {
+	if !fs.args.PlaintextNames {
 		// Read the DirIV once and use it for all later name decryptions
 		cDirAbsPath = filepath.Join(fs.args.Cipherdir, cDirName)
 		cachedIV, err = nametransform.ReadDirIV(cDirAbsPath)
@@ -237,7 +231,7 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
 			// silently ignore "gocryptfs.conf" in the top level dir
 			continue
 		}
-		if fs.args.DirIV && cName == nametransform.DirIVFilename {
+		if !fs.args.PlaintextNames && cName == nametransform.DirIVFilename {
 			// silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled
 			continue
 		}
diff --git a/internal/fusefrontend/names.go b/internal/fusefrontend/names.go
index 907b6b4..54b41ae 100644
--- a/internal/fusefrontend/names.go
+++ b/internal/fusefrontend/names.go
@@ -44,9 +44,6 @@ func (fs *FS) encryptPath(plainPath string) (string, error) {
 	if fs.args.PlaintextNames {
 		return plainPath, nil
 	}
-	if !fs.args.DirIV {
-		return fs.nameTransform.EncryptPathNoIV(plainPath), nil
-	}
 	fs.dirIVLock.RLock()
 	cPath, err := fs.nameTransform.EncryptPathDirIV(plainPath, fs.args.Cipherdir)
 	tlog.Debug.Printf("encryptPath '%s' -> '%s' (err: %v)", plainPath, cPath, err)
@@ -59,9 +56,6 @@ func (fs *FS) decryptPath(cipherPath string) (string, error) {
 	if fs.args.PlaintextNames {
 		return cipherPath, nil
 	}
-	if !fs.args.DirIV {
-		return fs.nameTransform.DecryptPathNoIV(cipherPath)
-	}
 	fs.dirIVLock.RLock()
 	defer fs.dirIVLock.RUnlock()
 	return fs.nameTransform.DecryptPathDirIV(cipherPath, fs.args.Cipherdir)
|
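Review bot: The context comment `// silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled` in the second OpenDir hunk is stale now that the condition reads `!fs.args.PlaintextNames`; no dirIV switch is left in this code. I would reword it to `// silently ignore "gocryptfs.diriv" everywhere unless PlaintextNames is used`. One consequence worth stating there: on a plaintext-names mount, a gocryptfs.diriv file present in the backing directory is listed to the user rather than hidden. OpenDir's body extends beyond both hunks.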
