summaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
Diffstat (limited to 'internal')
-rw-r--r--internal/fusefrontend_reverse/ctlsock_interface.go3
-rw-r--r--internal/fusefrontend_reverse/node_dir_ops.go19
-rw-r--r--internal/fusefrontend_reverse/node_helpers.go7
-rw-r--r--internal/fusefrontend_reverse/rpath.go14
-rw-r--r--internal/fusefrontend_reverse/virtualnode.go8
5 files changed, 32 insertions, 19 deletions
diff --git a/internal/fusefrontend_reverse/ctlsock_interface.go b/internal/fusefrontend_reverse/ctlsock_interface.go
index 2157044..1cfdf3e 100644
--- a/internal/fusefrontend_reverse/ctlsock_interface.go
+++ b/internal/fusefrontend_reverse/ctlsock_interface.go
@@ -7,7 +7,6 @@ import (
"golang.org/x/sys/unix"
"github.com/rfjakob/gocryptfs/internal/ctlsocksrv"
- "github.com/rfjakob/gocryptfs/internal/pathiv"
)
// Verify that the interface is implemented.
@@ -22,7 +21,7 @@ func (rn *RootNode) EncryptPath(plainPath string) (string, error) {
cipherPath := ""
parts := strings.Split(plainPath, "/")
for _, part := range parts {
- dirIV := pathiv.Derive(cipherPath, pathiv.PurposeDirIV)
+ dirIV := rn.deriveDirIV(cipherPath)
encryptedPart, err := rn.nameTransform.EncryptName(part, dirIV)
if err != nil {
return "", err
diff --git a/internal/fusefrontend_reverse/node_dir_ops.go b/internal/fusefrontend_reverse/node_dir_ops.go
index 21b9775..2592ebc 100644
--- a/internal/fusefrontend_reverse/node_dir_ops.go
+++ b/internal/fusefrontend_reverse/node_dir_ops.go
@@ -13,7 +13,6 @@ import (
"github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/nametransform"
- "github.com/rfjakob/gocryptfs/internal/pathiv"
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
@@ -23,20 +22,16 @@ import (
// This function is symlink-safe through use of openBackingDir() and
// ReadDirIVAt().
func (n *Node) Readdir(ctx context.Context) (stream fs.DirStream, errno syscall.Errno) {
- // Virtual files: at least one gocryptfs.diriv file
- virtualFiles := []fuse.DirEntry{
- {Mode: virtualFileMode, Name: nametransform.DirIVFilename},
- }
rn := n.rootNode()
+ // Should we present a virtual gocryptfs.diriv?
+ var virtualFiles []fuse.DirEntry
+ if !rn.args.PlaintextNames && !rn.args.DeterministicNames {
+ virtualFiles = append(virtualFiles, fuse.DirEntry{Mode: virtualFileMode, Name: nametransform.DirIVFilename})
+ }
// This directory is a mountpoint. Present it as empty.
if rn.args.OneFileSystem && n.isOtherFilesystem {
- if rn.args.PlaintextNames {
- return fs.NewListDirStream(nil), 0
- } else {
- // An "empty" directory still has a gocryptfs.diriv file!
- return fs.NewListDirStream(virtualFiles), 0
- }
+ return fs.NewListDirStream(virtualFiles), 0
}
d, errno := n.prepareAtSyscall("")
@@ -64,7 +59,7 @@ func (n *Node) Readdir(ctx context.Context) (stream fs.DirStream, errno syscall.
return n.readdirPlaintextnames(entries)
}
- dirIV := pathiv.Derive(d.cPath, pathiv.PurposeDirIV)
+ dirIV := rn.deriveDirIV(d.cPath)
// Encrypt names
for i := range entries {
var cName string
diff --git a/internal/fusefrontend_reverse/node_helpers.go b/internal/fusefrontend_reverse/node_helpers.go
index 7b286a0..b7dc086 100644
--- a/internal/fusefrontend_reverse/node_helpers.go
+++ b/internal/fusefrontend_reverse/node_helpers.go
@@ -2,6 +2,7 @@ package fusefrontend_reverse
import (
"context"
+ "log"
"path/filepath"
"syscall"
@@ -129,8 +130,8 @@ func (n *Node) lookupLongnameName(ctx context.Context, nameFile string, out *fus
return
}
defer syscall.Close(fd)
- diriv := pathiv.Derive(d.cPath, pathiv.PurposeDirIV)
rn := n.rootNode()
+ diriv := rn.deriveDirIV(d.cPath)
pName, cFullname, errno := rn.findLongnameParent(fd, diriv, nameFile)
if errno != 0 {
return
@@ -160,6 +161,10 @@ func (n *Node) lookupLongnameName(ctx context.Context, nameFile string, out *fus
// lookupDiriv returns a new Inode for a gocryptfs.diriv file inside `n`.
func (n *Node) lookupDiriv(ctx context.Context, out *fuse.EntryOut) (ch *fs.Inode, errno syscall.Errno) {
+ if rn := n.rootNode(); rn.args.DeterministicNames {
+ log.Panic("BUG: lookupDiriv called but DeterministicNames is set")
+ }
+
d, errno := n.prepareAtSyscall("")
if errno != 0 {
return
diff --git a/internal/fusefrontend_reverse/rpath.go b/internal/fusefrontend_reverse/rpath.go
index 199473b..7ebedd7 100644
--- a/internal/fusefrontend_reverse/rpath.go
+++ b/internal/fusefrontend_reverse/rpath.go
@@ -2,6 +2,7 @@ package fusefrontend_reverse
import (
"encoding/base64"
+ "log"
"path/filepath"
"strings"
"syscall"
@@ -72,7 +73,7 @@ func (rn *RootNode) decryptPath(cPath string) (string, error) {
// Start at the top and recurse
currentCipherDir := filepath.Join(parts[:i]...)
currentPlainDir := filepath.Join(transformedParts[:i]...)
- dirIV := pathiv.Derive(currentCipherDir, pathiv.PurposeDirIV)
+ dirIV := rn.deriveDirIV(currentCipherDir)
transformedPart, err := rn.rDecryptName(parts[i], dirIV, currentPlainDir)
if err != nil {
return "", err
@@ -83,6 +84,17 @@ func (rn *RootNode) decryptPath(cPath string) (string, error) {
return pRelPath, nil
}
+// deriveDirIV wraps pathiv.Derive but takes DeterministicNames into account.
+func (rn *RootNode) deriveDirIV(cPath string) []byte {
+ if rn.args.PlaintextNames {
+ log.Panic("BUG: deriveDirIV called but PlaintextNames is set")
+ }
+ if rn.args.DeterministicNames {
+ return make([]byte, nametransform.DirIVLen)
+ }
+ return pathiv.Derive(cPath, pathiv.PurposeDirIV)
+}
+
// openBackingDir receives an already decrypted relative path
// "pRelPath", opens the directory that contains the target file/dir
// and returns the fd to the directory and the decrypted name of the
diff --git a/internal/fusefrontend_reverse/virtualnode.go b/internal/fusefrontend_reverse/virtualnode.go
index 2ee9548..328f021 100644
--- a/internal/fusefrontend_reverse/virtualnode.go
+++ b/internal/fusefrontend_reverse/virtualnode.go
@@ -43,9 +43,11 @@ func (n *Node) lookupFileType(cName string) fileType {
rn := n.rootNode()
// In -plaintextname mode, neither diriv nor longname files exist.
if !rn.args.PlaintextNames {
- // Is it a gocryptfs.diriv file?
- if cName == nametransform.DirIVFilename {
- return typeDiriv
+ if !rn.args.DeterministicNames {
+ // Is it a gocryptfs.diriv file?
+ if cName == nametransform.DirIVFilename {
+ return typeDiriv
+ }
}
// Is it a gocryptfs.longname.*.name file?
if t := nametransform.NameType(cName); t == nametransform.LongNameFilename {