Diffstat (limited to 'internal/nametransform/names_diriv.go')
-rw-r--r--internal/nametransform/names_diriv.go17
1 files changed, 13 insertions, 4 deletions
diff --git a/internal/nametransform/names_diriv.go b/internal/nametransform/names_diriv.go
index d45f91b..9336f5d 100644
--- a/internal/nametransform/names_diriv.go
+++ b/internal/nametransform/names_diriv.go
@@ -1,12 +1,12 @@
package nametransform
import (
- "syscall"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"strings"
+ "syscall"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/toggledlog"
@@ -54,17 +54,23 @@ func WriteDirIV(dir string) error {
return ioutil.WriteFile(file, iv, 0444)
}
-// EncryptPathDirIV - encrypt path using EME with DirIV
+// EncryptPathDirIV - encrypt relative plaintext path using EME with DirIV.
+// Components that are longer than 255 bytes are hashed.
func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (cipherPath string, err error) {
// Empty string means root directory
if plainPath == "" {
return plainPath, nil
}
+ // Reject names longer than 255 bytes already here. This relieves everybody
+ // who uses hashed long names from checking for that later.
+ baseName := filepath.Base(plainPath)
+ if len(baseName) > syscall.NAME_MAX {
+ return "", syscall.ENAMETOOLONG
+ }
// Check if the DirIV is cached
parentDir := filepath.Dir(plainPath)
found, iv, cParentDir := be.DirIVCache.lookup(parentDir)
if found {
- baseName := filepath.Base(plainPath)
cBaseName := be.EncryptName(baseName, iv)
if be.longNames && len(cBaseName) > syscall.NAME_MAX {
cBaseName = HashLongName(cBaseName)
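Review bot: The new NAME_MAX guard inspects only `filepath.Base(plainPath)`, so a parent component longer than 255 bytes is not rejected by it. On the uncached path further down, `plainPath` is split on "/" and apparently each component is encrypted in turn. Whether that walk loop catches an over-long parent is outside this hunk, so it is worth confirming or adding a per-component length check there. The updated doc comment also reads as if long plaintext names were hashed, while the code now returns `syscall.ENAMETOOLONG` for them and hashes only encrypted names when `be.longNames` is set. I would word it as `// Plaintext names longer than 255 bytes are rejected with ENAMETOOLONG; encrypted names longer than 255 bytes are hashed when long names are enabled.`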
@@ -72,7 +78,7 @@ func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (cip
cipherPath = cParentDir + "/" + cBaseName
return cipherPath, nil
}
- // Walk the directory tree
+ // Not cached - walk the directory tree
var wd = rootDir
var encryptedNames []string
plainNames := strings.Split(plainPath, "/")
@@ -96,6 +102,9 @@ func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (cip
}
// DecryptPathDirIV - decrypt path using EME with DirIV
+//
+// TODO This has only a single user, Readlink(), and only for compatability with
+// gocryptfs v0.5. Drop?
func (be *NameTransform) DecryptPathDirIV(encryptedPath string, rootDir string) (string, error) {
var wd = rootDir
var plainNames []string