diff options
Diffstat (limited to 'internal/nametransform')
| -rw-r--r-- | internal/nametransform/diriv.go | 50 | ||||
| -rw-r--r-- | internal/nametransform/names.go | 13 |
2 files changed, 61 insertions, 2 deletions
diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go index 1d27aa5..d62b3fb 100644 --- a/internal/nametransform/diriv.go +++ b/internal/nametransform/diriv.go @@ -6,11 +6,13 @@ import ( "io" "os" "path/filepath" + "strings" "syscall" "github.com/rfjakob/gocryptfs/internal/cryptocore" "github.com/rfjakob/gocryptfs/internal/syscallcompat" "github.com/rfjakob/gocryptfs/internal/tlog" + "golang.org/x/sys/unix" ) const ( @@ -112,6 +114,54 @@ func (be *NameTransform) EncryptAndHashName(name string, iv []byte) (string, err return cName, nil } +// EncryptAndHashBadName tries to find the "name" substring, which (encrypted and hashed) +// leads to an unique existing file +// Returns ENOENT if cipher file does not exist or is not unique +func (be *NameTransform) EncryptAndHashBadName(name string, iv []byte, dirfd int) (cName string, err error) { + var st unix.Stat_t + var filesFound int + lastFoundName, err := be.EncryptAndHashName(name, iv) + if !strings.HasSuffix(name, BadNameFlag) || err != nil { + //Default mode: same behaviour on error or no BadNameFlag on "name" + return lastFoundName, err + } + //Default mode: Check if File extists without modifications + err = syscallcompat.Fstatat(dirfd, lastFoundName, &st, unix.AT_SYMLINK_NOFOLLOW) + if err == nil { + //file found, return result + return lastFoundName, nil + } + //BadName Mode: check if the name was tranformed without change (badname suffix and undecryptable cipher name) + err = syscallcompat.Fstatat(dirfd, name[:len(name)-len(BadNameFlag)], &st, unix.AT_SYMLINK_NOFOLLOW) + if err == nil { + filesFound++ + lastFoundName = name[:len(name)-len(BadNameFlag)] + } + // search for the longest badname pattern match + for charpos := len(name) - len(BadNameFlag); charpos > 0; charpos-- { + //only use original cipher name and append assumed suffix (without badname flag) + cNamePart, err := be.EncryptName(name[:charpos], iv) + if err != nil { + //expand suffix on error + continue + } + if be.longNames && len(cName) > NameMax { + cNamePart = be.HashLongName(cName) + } + cNameBadReverse := cNamePart + name[charpos:len(name)-len(BadNameFlag)] + err = syscallcompat.Fstatat(dirfd, cNameBadReverse, &st, unix.AT_SYMLINK_NOFOLLOW) + if err == nil { + filesFound++ + lastFoundName = cNameBadReverse + } + } + if filesFound == 1 { + return lastFoundName, nil + } + // more than 1 possible file found, ignore + return "", syscall.ENOENT +} + // Dir is like filepath.Dir but returns "" instead of ".". func Dir(path string) string { d := filepath.Dir(path) diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go index ca28230..f730184 100644 --- a/internal/nametransform/names.go +++ b/internal/nametransform/names.go @@ -15,6 +15,8 @@ import ( const ( // Like ext4, we allow at most 255 bytes for a file name. NameMax = 255 + //BadNameFlag is appended to filenames in plain mode if a ciphername is inavlid but is shown + BadNameFlag = " GOCRYPTFS_BAD_NAME" ) // NameTransformer is an interface used to transform filenames. @@ -22,11 +24,13 @@ type NameTransformer interface { DecryptName(cipherName string, iv []byte) (string, error) EncryptName(plainName string, iv []byte) (string, error) EncryptAndHashName(name string, iv []byte) (string, error) + EncryptAndHashBadName(name string, iv []byte, dirfd int) (string, error) // HashLongName - take the hash of a long string "name" and return // "gocryptfs.longname.[sha256]" // // This function does not do any I/O. HashLongName(name string) string + HaveBadnamePatterns() bool WriteLongNameAt(dirfd int, hashName string, plainName string) error B64EncodeToString(src []byte) string B64DecodeString(s string) ([]byte, error) @@ -70,10 +74,10 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error for charpos := len(cipherName) - 1; charpos >= nameMin; charpos-- { res, err = n.decryptName(cipherName[:charpos], iv) if err == nil { - return res + cipherName[charpos:] + " GOCRYPTFS_BAD_NAME", nil + return res + cipherName[charpos:] + BadNameFlag, nil } } - return cipherName + " GOCRYPTFS_BAD_NAME", nil + return cipherName + BadNameFlag, nil } } } @@ -135,3 +139,8 @@ func (n *NameTransform) B64EncodeToString(src []byte) string { func (n *NameTransform) B64DecodeString(s string) ([]byte, error) { return n.B64.DecodeString(s) } + +// HaveBadnamePatterns returns true if BadName patterns were provided +func (n *NameTransform) HaveBadnamePatterns() bool { + return len(n.BadnamePatterns) > 0 +} |