diff options
Diffstat (limited to 'internal/fusefrontend_reverse/rpath.go')
| -rw-r--r-- | internal/fusefrontend_reverse/rpath.go | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/internal/fusefrontend_reverse/rpath.go b/internal/fusefrontend_reverse/rpath.go index 199473b..7ebedd7 100644 --- a/internal/fusefrontend_reverse/rpath.go +++ b/internal/fusefrontend_reverse/rpath.go @@ -2,6 +2,7 @@ package fusefrontend_reverse import ( "encoding/base64" + "log" "path/filepath" "strings" "syscall" @@ -72,7 +73,7 @@ func (rn *RootNode) decryptPath(cPath string) (string, error) { // Start at the top and recurse currentCipherDir := filepath.Join(parts[:i]...) currentPlainDir := filepath.Join(transformedParts[:i]...) - dirIV := pathiv.Derive(currentCipherDir, pathiv.PurposeDirIV) + dirIV := rn.deriveDirIV(currentCipherDir) transformedPart, err := rn.rDecryptName(parts[i], dirIV, currentPlainDir) if err != nil { return "", err @@ -83,6 +84,17 @@ func (rn *RootNode) decryptPath(cPath string) (string, error) { return pRelPath, nil } +// deriveDirIV wraps pathiv.Derive but takes DeterministicNames into account. +func (rn *RootNode) deriveDirIV(cPath string) []byte { + if rn.args.PlaintextNames { + log.Panic("BUG: deriveDirIV called but PlaintextNames is set") + } + if rn.args.DeterministicNames { + return make([]byte, nametransform.DirIVLen) + } + return pathiv.Derive(cPath, pathiv.PurposeDirIV) +} + // openBackingDir receives an already decrypted relative path // "pRelPath", opens the directory that contains the target file/dir // and returns the fd to the directory and the decrypted name of the |