aboutsummaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
Diffstat (limited to 'internal')
-rw-r--r--internal/fusefrontend_reverse/node.go46
-rw-r--r--internal/fusefrontend_reverse/node_helpers.go84
-rw-r--r--internal/fusefrontend_reverse/root_node.go41
-rw-r--r--internal/fusefrontend_reverse/rpath.go13
-rw-r--r--internal/nametransform/names.go4
5 files changed, 148 insertions, 40 deletions
diff --git a/internal/fusefrontend_reverse/node.go b/internal/fusefrontend_reverse/node.go
index 0b2df12..713beee 100644
--- a/internal/fusefrontend_reverse/node.go
+++ b/internal/fusefrontend_reverse/node.go
@@ -10,7 +10,6 @@ import (
"github.com/hanwen/go-fuse/v2/fuse"
"github.com/rfjakob/gocryptfs/internal/configfile"
- "github.com/rfjakob/gocryptfs/internal/pathiv"
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
)
@@ -25,9 +24,16 @@ func (n *Node) Lookup(ctx context.Context, name string, out *fuse.EntryOut) (ch
dirfd := int(-1)
pName := ""
t := n.lookupFileType(name)
- // gocryptfs.conf
- if t == typeConfig {
+ if t == typeDiriv {
+ // gocryptfs.diriv
+ return n.lookupDiriv(ctx, out)
+ } else if t == typeName {
+ // gocryptfs.longname.*.name
+ return n.lookupLongnameName(ctx, name, out)
+ } else if t == typeConfig {
+ // gocryptfs.conf
var err error
+ pName = configfile.ConfReverseName
rn := n.rootNode()
dirfd, err = syscallcompat.OpenDirNofollow(rn.args.Cipherdir, "")
if err != nil {
@@ -35,34 +41,6 @@ func (n *Node) Lookup(ctx context.Context, name string, out *fuse.EntryOut) (ch
return
}
defer syscall.Close(dirfd)
- pName = configfile.ConfReverseName
- } else if t == typeDiriv {
- // gocryptfs.diriv
- dirfd, pName, errno = n.prepareAtSyscall("")
- if errno != 0 {
- return
- }
- defer syscall.Close(dirfd)
- st, err := syscallcompat.Fstatat2(dirfd, pName, unix.AT_SYMLINK_NOFOLLOW)
- if err != nil {
- errno = fs.ToErrno(err)
- return
- }
- content := pathiv.Derive(n.Path(), pathiv.PurposeDirIV)
- var vf *virtualFile
- vf, errno = n.newVirtualFile(content, st, inoTagDirIV)
- if errno != 0 {
- return nil, errno
- }
- out.Attr = vf.attr
- // Create child node
- id := fs.StableAttr{Mode: uint32(vf.attr.Mode), Gen: 1, Ino: vf.attr.Ino}
- ch = n.NewInode(ctx, vf, id)
- return
- } else if t == typeName {
- // gocryptfs.longname.*.name
-
- // TODO
} else if t == typeReal {
// real file
dirfd, pName, errno = n.prepareAtSyscall(name)
@@ -71,21 +49,17 @@ func (n *Node) Lookup(ctx context.Context, name string, out *fuse.EntryOut) (ch
}
defer syscall.Close(dirfd)
}
-
// Get device number and inode number into `st`
st, err := syscallcompat.Fstatat2(dirfd, pName, unix.AT_SYMLINK_NOFOLLOW)
if err != nil {
return nil, fs.ToErrno(err)
}
-
// Create new inode and fill `out`
ch = n.newChild(ctx, st, out)
-
+ // Translate ciphertext size in `out.Attr.Size` to plaintext size
if t == typeReal {
- // Translate ciphertext size in `out.Attr.Size` to plaintext size
n.translateSize(dirfd, pName, &out.Attr)
}
-
return ch, 0
}
diff --git a/internal/fusefrontend_reverse/node_helpers.go b/internal/fusefrontend_reverse/node_helpers.go
index 24cdbd1..df9de9b 100644
--- a/internal/fusefrontend_reverse/node_helpers.go
+++ b/internal/fusefrontend_reverse/node_helpers.go
@@ -5,8 +5,24 @@ import (
"path/filepath"
"syscall"
+ "golang.org/x/sys/unix"
+
"github.com/hanwen/go-fuse/v2/fs"
"github.com/hanwen/go-fuse/v2/fuse"
+
+ "github.com/rfjakob/gocryptfs/internal/pathiv"
+ "github.com/rfjakob/gocryptfs/internal/syscallcompat"
+)
+
+const (
+ // File names are padded to 16-byte multiples, encrypted and
+ // base64-encoded. We can encode at most 176 bytes to stay below the 255
+ // bytes limit:
+ // * base64(176 bytes) = 235 bytes
+ // * base64(192 bytes) = 256 bytes (over 255!)
+ // But the PKCS#7 padding is at least one byte. This means we can only use
+ // 175 bytes for the file name.
+ shortNameMax = 175
)
// translateSize translates the ciphertext size in `out` into plaintext size.
@@ -36,13 +52,13 @@ func (n *Node) rootNode() *RootNode {
// If you pass a `child` file name, the (dirfd, cName) pair will refer to
// a child of this node.
// If `child` is empty, the (dirfd, cName) pair refers to this node itself.
-func (n *Node) prepareAtSyscall(child string) (dirfd int, cName string, errno syscall.Errno) {
+func (n *Node) prepareAtSyscall(child string) (dirfd int, pName string, errno syscall.Errno) {
p := n.Path()
if child != "" {
p = filepath.Join(p, child)
}
rn := n.rootNode()
- dirfd, cName, err := rn.openBackingDir(p)
+ dirfd, pName, err := rn.openBackingDir(p)
if err != nil {
errno = fs.ToErrno(err)
}
@@ -71,3 +87,67 @@ func (n *Node) isRoot() bool {
rn := n.rootNode()
return &rn.Node == n
}
+
+func (n *Node) lookupLongnameName(ctx context.Context, nameFile string, out *fuse.EntryOut) (ch *fs.Inode, errno syscall.Errno) {
+ dirfd, pName1, errno := n.prepareAtSyscall("")
+ if errno != 0 {
+ return
+ }
+ defer syscall.Close(dirfd)
+
+ // Find the file the gocryptfs.longname.XYZ.name file belongs to in the
+ // directory listing
+ fd, err := syscallcompat.Openat(dirfd, pName1, syscall.O_RDONLY|syscall.O_DIRECTORY|syscall.O_NOFOLLOW, 0)
+ if err != nil {
+ errno = fs.ToErrno(err)
+ return
+ }
+ diriv := pathiv.Derive(n.Path(), pathiv.PurposeDirIV)
+ rn := n.rootNode()
+ pName, cFullname, errno := rn.findLongnameParent(fd, diriv, nameFile)
+ if errno != 0 {
+ return
+ }
+ // Get attrs from parent file
+ st, err := syscallcompat.Fstatat2(dirfd, pName, unix.AT_SYMLINK_NOFOLLOW)
+ if err != nil {
+ errno = fs.ToErrno(err)
+ return
+ }
+ var vf *virtualFile
+ vf, errno = n.newVirtualFile([]byte(cFullname), st, inoTagNameFile)
+ if errno != 0 {
+ return nil, errno
+ }
+ out.Attr = vf.attr
+ // Create child node
+ id := fs.StableAttr{Mode: uint32(vf.attr.Mode), Gen: 1, Ino: vf.attr.Ino}
+ ch = n.NewInode(ctx, vf, id)
+ return
+
+}
+
+// lookupDiriv returns a new Inode for a gocryptfs.diriv file inside `n`.
+func (n *Node) lookupDiriv(ctx context.Context, out *fuse.EntryOut) (ch *fs.Inode, errno syscall.Errno) {
+ dirfd, pName, errno := n.prepareAtSyscall("")
+ if errno != 0 {
+ return
+ }
+ defer syscall.Close(dirfd)
+ st, err := syscallcompat.Fstatat2(dirfd, pName, unix.AT_SYMLINK_NOFOLLOW)
+ if err != nil {
+ errno = fs.ToErrno(err)
+ return
+ }
+ content := pathiv.Derive(n.Path(), pathiv.PurposeDirIV)
+ var vf *virtualFile
+ vf, errno = n.newVirtualFile(content, st, inoTagDirIV)
+ if errno != 0 {
+ return nil, errno
+ }
+ out.Attr = vf.attr
+ // Create child node
+ id := fs.StableAttr{Mode: uint32(vf.attr.Mode), Gen: 1, Ino: vf.attr.Ino}
+ ch = n.NewInode(ctx, vf, id)
+ return
+}
diff --git a/internal/fusefrontend_reverse/root_node.go b/internal/fusefrontend_reverse/root_node.go
index 726380f..4297ecf 100644
--- a/internal/fusefrontend_reverse/root_node.go
+++ b/internal/fusefrontend_reverse/root_node.go
@@ -1,10 +1,19 @@
package fusefrontend_reverse
import (
+ "log"
+ "strings"
+ "syscall"
+
+ "golang.org/x/sys/unix"
+
+ "github.com/hanwen/go-fuse/v2/fs"
+
"github.com/rfjakob/gocryptfs/internal/contentenc"
"github.com/rfjakob/gocryptfs/internal/fusefrontend"
"github.com/rfjakob/gocryptfs/internal/inomap"
"github.com/rfjakob/gocryptfs/internal/nametransform"
+ "github.com/rfjakob/gocryptfs/internal/syscallcompat"
"github.com/sabhiram/go-gitignore"
)
@@ -37,3 +46,35 @@ func NewRootNode(args fusefrontend.Args, c *contentenc.ContentEnc, n nametransfo
excluder: prepareExcluder(args),
}
}
+
+// You can pass either gocryptfs.longname.XYZ.name or gocryptfs.longname.XYZ.
+func (rn *RootNode) findLongnameParent(fd int, diriv []byte, longname string) (pName string, cFullName string, errno syscall.Errno) {
+ if strings.HasSuffix(longname, nametransform.LongNameSuffix) {
+ longname = nametransform.RemoveLongNameSuffix(longname)
+ }
+ entries, err := syscallcompat.Getdents(fd)
+ if err != nil {
+ errno = fs.ToErrno(err)
+ return
+ }
+ for _, entry := range entries {
+ if len(entry.Name) <= shortNameMax {
+ continue
+ }
+ cFullName = rn.nameTransform.EncryptName(entry.Name, diriv)
+ if len(cFullName) <= unix.NAME_MAX {
+ // Entry should have been skipped by the "continue" above
+ log.Panic("logic error or wrong shortNameMax constant?")
+ }
+ hName := rn.nameTransform.HashLongName(cFullName)
+ if longname == hName {
+ pName = entry.Name
+ break
+ }
+ }
+ if pName == "" {
+ errno = syscall.ENOENT
+ return
+ }
+ return
+}
diff --git a/internal/fusefrontend_reverse/rpath.go b/internal/fusefrontend_reverse/rpath.go
index 35b9361..d212dfc 100644
--- a/internal/fusefrontend_reverse/rpath.go
+++ b/internal/fusefrontend_reverse/rpath.go
@@ -47,11 +47,20 @@ func (rfs *RootNode) rDecryptName(cName string, dirIV []byte, pDir string) (pNam
return "", err
}
} else if nameType == nametransform.LongNameContent {
- panic("todo")
- //pName, err = rfs.findLongnameParent(pDir, dirIV, cName)
+ dirfd, err := syscallcompat.OpenDirNofollow(rfs.args.Cipherdir, filepath.Dir(pDir))
if err != nil {
return "", err
}
+ defer syscall.Close(dirfd)
+ fd, err := syscallcompat.Openat(dirfd, filepath.Base(pDir), syscall.O_RDONLY|syscall.O_DIRECTORY|syscall.O_NOFOLLOW, 0)
+ if err != nil {
+ return "", err
+ }
+ var errno syscall.Errno
+ pName, _, errno = rfs.findLongnameParent(fd, dirIV, cName)
+ if errno != 0 {
+ return "", errno
+ }
} else {
// It makes no sense to decrypt a ".name" file. This is a virtual file
// that has no representation in the plaintext filesystem. ".name"
diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index a659f0a..119d592 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -23,6 +23,10 @@ type NameTransformer interface {
DecryptName(cipherName string, iv []byte) (string, error)
EncryptName(plainName string, iv []byte) string
EncryptAndHashName(name string, iv []byte) (string, error)
+ // HashLongName - take the hash of a long string "name" and return
+ // "gocryptfs.longname.[sha256]"
+ //
+ // This function does not do any I/O.
HashLongName(name string) string
WriteLongNameAt(dirfd int, hashName string, plainName string) error
B64EncodeToString(src []byte) string