Diffstat (limited to 'internal/fusefrontend_reverse/rpath.go')
-rw-r--r-- | internal/fusefrontend_reverse/rpath.go | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/internal/fusefrontend_reverse/rpath.go b/internal/fusefrontend_reverse/rpath.go
index 55fb481..ca8c442 100644
--- a/internal/fusefrontend_reverse/rpath.go
+++ b/internal/fusefrontend_reverse/rpath.go
@@ -19,9 +19,20 @@ func saneDir(path string) string {
 return d
 }
 
-// derivePathIV derives an IV from an encrypted path by hashing it
-func derivePathIV(path string) []byte {
- hash := sha256.Sum256([]byte(path))
+type ivPurposeType string
+
+const (
+ ivPurposeDirIV ivPurposeType = "DIRIV"
+ ivPurposeFileID ivPurposeType = "FILEID"
+ ivPurposeSymlinkIV ivPurposeType = "SYMLINKIV"
+ ivPurposeBlock0IV ivPurposeType = "BLOCK0IV"
+)
+
+// derivePathIV derives an IV from an encrypted path by hashing it with sha256
+func derivePathIV(path string, purpose ivPurposeType) []byte {
+ // Use null byte as separator as it cannot occour in the path
+ extended := []byte(path + "\000" + string(purpose))
+ hash := sha256.Sum256(extended)
 return hash[:nametransform.DirIVLen]
 }
 
@@ -43,7 +54,7 @@ func (rfs *reverseFS) decryptPath(relPath string) (string, error) {
 // Start at the top and recurse
 currentDir := filepath.Join(parts[:i]...)
 nameType := nametransform.NameType(part)
- dirIV := derivePathIV(currentDir)
+ dirIV := derivePathIV(currentDir, ivPurposeDirIV)
 var transformedPart string
 if nameType == nametransform.LongNameNone {
 transformedPart, err = rfs.nameTransform.DecryptName(part, dirIV)
|
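Review bot: The new `purpose` parameter and the `ivPurposeType` constants are undocumented, so nothing at `derivePathIV` tells a caller that each use of a path-derived IV must pass its own purpose to keep the outputs distinct. I would extend the doc comment to something like `// derivePathIV hashes path + "\x00" + purpose with sha256 and returns the first DirIVLen bytes; distinct purposes yield unrelated IVs for the same path`, and fix the typo in `// Use null byte as separator as it cannot occur in the path`. The truncation to `nametransform.DirIVLen` now applies to every purpose, which is worth stating if the file-ID and block-0 consumers (not visible in this file's diff) rely on that length. The hunk opens inside `saneDir`, whose body starts outside it.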
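Review bot: Every directory IV changes with `derivePathIV(currentDir, ivPurposeDirIV)`, because the hash input now carries the `"\000DIRIV"` suffix, so names that an earlier build encrypted in the reverse view will presumably no longer decrypt here. If any such ciphertext is expected to stay readable (for example a copy taken of the reverse view before this commit), the break should be stated in the commit message or changelog; nothing in the visible lines handles the old derivation. A short comment at the call, such as `// dirIV is purpose-separated; not compatible with IVs derived before the purpose suffix was added`, would keep that visible to later readers. `decryptPath` starts and ends outside the hunk, so its error handling around `DecryptName` could not be checked.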