aboutsummaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
Diffstat (limited to 'internal')
-rw-r--r--internal/fusefrontend/args.go1
-rw-r--r--internal/fusefrontend/fs.go27
-rw-r--r--internal/fusefrontend/fs_dir.go12
-rw-r--r--internal/fusefrontend/names.go6
4 files changed, 9 insertions, 37 deletions
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 8520592..4f77973 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -6,7 +6,6 @@ type Args struct {
Cipherdir string
OpenSSL bool
PlaintextNames bool
- DirIV bool
EMENames bool
GCMIV128 bool
LongNames bool
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 26c9252..4342482 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -249,17 +249,10 @@ func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status f
if status != fuse.OK {
return "", status
}
- // Old filesystem: symlinks are encrypted like paths (CBC)
- if !fs.args.DirIV {
- var target string
- target, err = fs.decryptPath(cTarget)
- if err != nil {
- tlog.Warn.Printf("Readlink: CBC decryption failed: %v", err)
- return "", fuse.EIO
- }
- return target, fuse.OK
+ if fs.args.PlaintextNames {
+ return cTarget, fuse.OK
}
- // Since gocryptfs v0.5 symlinks are encrypted like file contents (GCM)
+ // Symlinks are encrypted like file contents (GCM) and base64-encoded
cBinTarget, err := base64.URLEncoding.DecodeString(cTarget)
if err != nil {
tlog.Warn.Printf("Readlink: %v", err)
@@ -316,19 +309,11 @@ func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (co
if err != nil {
return fuse.ToStatus(err)
}
- // Before v0.5, symlinks were encrypted like paths (CBC)
- // TODO drop compatibility and simplify code?
- if !fs.args.DirIV {
- var cTarget string
- cTarget, err = fs.encryptPath(target)
- if err != nil {
- tlog.Warn.Printf("Symlink: BUG: we should not get an error here: %v", err)
- return fuse.ToStatus(err)
- }
- err = os.Symlink(cTarget, cPath)
+ if fs.args.PlaintextNames {
+ err = os.Symlink(target, cPath)
return fuse.ToStatus(err)
}
-
+ // Symlinks are encrypted like file contents (GCM) and base64-encoded
cBinTarget := fs.contentEnc.EncryptBlock([]byte(target), 0, nil)
cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
diff --git a/internal/fusefrontend/fs_dir.go b/internal/fusefrontend/fs_dir.go
index f77486d..80a66ca 100644
--- a/internal/fusefrontend/fs_dir.go
+++ b/internal/fusefrontend/fs_dir.go
@@ -46,9 +46,6 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu
if err != nil {
return fuse.ToStatus(err)
}
- if !fs.args.DirIV {
- return fuse.ToStatus(os.Mkdir(cPath, os.FileMode(mode)))
- }
// We need write and execute permissions to create gocryptfs.diriv
origMode := mode
mode = mode | 0300
@@ -98,9 +95,6 @@ func (fs *FS) Rmdir(path string, context *fuse.Context) (code fuse.Status) {
if err != nil {
return fuse.ToStatus(err)
}
- if !fs.args.DirIV {
- return fuse.ToStatus(syscall.Rmdir(cPath))
- }
parentDir := filepath.Dir(cPath)
parentDirFd, err := os.Open(parentDir)
@@ -215,10 +209,10 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
if cipherEntries == nil {
return nil, status
}
- // Get DirIV (stays nil if DirIV if off)
+ // Get DirIV (stays nil if PlaintextNames is used)
var cachedIV []byte
var cDirAbsPath string
- if fs.args.DirIV {
+ if !fs.args.PlaintextNames {
// Read the DirIV once and use it for all later name decryptions
cDirAbsPath = filepath.Join(fs.args.Cipherdir, cDirName)
cachedIV, err = nametransform.ReadDirIV(cDirAbsPath)
@@ -237,7 +231,7 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
// silently ignore "gocryptfs.conf" in the top level dir
continue
}
- if fs.args.DirIV && cName == nametransform.DirIVFilename {
+ if !fs.args.PlaintextNames && cName == nametransform.DirIVFilename {
// silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled
continue
}
diff --git a/internal/fusefrontend/names.go b/internal/fusefrontend/names.go
index 907b6b4..54b41ae 100644
--- a/internal/fusefrontend/names.go
+++ b/internal/fusefrontend/names.go
@@ -44,9 +44,6 @@ func (fs *FS) encryptPath(plainPath string) (string, error) {
if fs.args.PlaintextNames {
return plainPath, nil
}
- if !fs.args.DirIV {
- return fs.nameTransform.EncryptPathNoIV(plainPath), nil
- }
fs.dirIVLock.RLock()
cPath, err := fs.nameTransform.EncryptPathDirIV(plainPath, fs.args.Cipherdir)
tlog.Debug.Printf("encryptPath '%s' -> '%s' (err: %v)", plainPath, cPath, err)
@@ -59,9 +56,6 @@ func (fs *FS) decryptPath(cipherPath string) (string, error) {
if fs.args.PlaintextNames {
return cipherPath, nil
}
- if !fs.args.DirIV {
- return fs.nameTransform.DecryptPathNoIV(cipherPath)
- }
fs.dirIVLock.RLock()
defer fs.dirIVLock.RUnlock()
return fs.nameTransform.DecryptPathDirIV(cipherPath, fs.args.Cipherdir)