Diffstat (limited to 'internal')
| -rw-r--r-- | internal/fusefrontend/args.go | 2 | ||||
| -rw-r--r-- | internal/fusefrontend/node_dir_ops.go | 3 | ||||
| -rw-r--r-- | internal/nametransform/diriv.go | 16 | 
3 files changed, 11 insertions, 10 deletions
|
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index d92c3ff..02ffddb 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -53,4 +53,6 @@ type Args struct {
 	// like rsync's `--one-file-system` does.
 	// Only applicable to reverse mode.
 	OneFileSystem bool
+	// ZeroDirIV creates diriv files as all-zero files
+	ZeroDirIV bool
 }
diff --git a/internal/fusefrontend/node_dir_ops.go b/internal/fusefrontend/node_dir_ops.go
index 6d03544..b43a4e4 100644
--- a/internal/fusefrontend/node_dir_ops.go
+++ b/internal/fusefrontend/node_dir_ops.go
@@ -35,6 +35,7 @@ func haveDsstore(entries []fuse.DirEntry) bool {
 // should be a handle to the parent directory, cName is the name of the new
 // directory and mode specifies the access permissions to use.
 func (n *Node) mkdirWithIv(dirfd int, cName string, mode uint32, context *fuse.Context) error {
+
 	rn := n.rootNode()
 	// Between the creation of the directory and the creation of gocryptfs.diriv
 	// the directory is inconsistent. Take the lock to prevent other readers
@@ -48,7 +49,7 @@ func (n *Node) mkdirWithIv(dirfd int, cName string, mode uint32, context *fuse.C
 	dirfd2, err := syscallcompat.Openat(dirfd, cName, syscall.O_DIRECTORY|syscall.O_NOFOLLOW|syscallcompat.O_PATH, 0)
 	if err == nil {
 		// Create gocryptfs.diriv
-		err = nametransform.WriteDirIVAt(dirfd2)
+		err = nametransform.WriteDirIVAt(dirfd2, !rn.args.ZeroDirIV)
 		syscall.Close(dirfd2)
 	}
 	if err != nil {
diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go
index b10c899..a288aa5 100644
--- a/internal/nametransform/diriv.go
+++ b/internal/nametransform/diriv.go
@@ -1,7 +1,6 @@
 package nametransform

 import (
-	"bytes"
 	"fmt"
 	"io"
 	"os"
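Review bot: The comment on the new `ZeroDirIV` field in args.go says what is written but not what it costs, and unlike the `OneFileSystem` comment above it, it does not say which mode it applies to. Going by the diriv.go hunks, the diriv is the per-directory value that `WriteDirIVAt` otherwise fills from `cryptocore.RandBytes`. With it fixed to zeros every directory shares one value, so the same plaintext name presumably encrypts to the same ciphertext name in every directory. I would put that on the field: `// ZeroDirIV writes an all-zero gocryptfs.diriv into new directories instead of a random one.` followed by `// Encrypted names then become deterministic across directories; leave it false unless that is intended.`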
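Review bot: The call `nametransform.WriteDirIVAt(dirfd2, !rn.args.ZeroDirIV)` in node_dir_ops.go passes a negated flag into a positional bool, so a reader has to invert twice (ZeroDirIV, not zero, randomInitialization) to see which branch runs. A named local keeps the intent visible: `randomIV := !rn.args.ZeroDirIV` and then `err = nametransform.WriteDirIVAt(dirfd2, randomIV)`. The doc comment on `WriteDirIVAt` says it is also used from main and the automated tests; the diffstat shown is limited to 'internal', so those call sites are not visible here and should be checked for the new argument. mkdirWithIv's body starts and ends outside this hunk.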
@@ -34,9 +33,6 @@ func ReadDirIVAt(dirfd int) (iv []byte, err error) {
 	return fdReadDirIV(fd)
 }

-// allZeroDirIV is preallocated to quickly check if the data read from disk is all zero
-var allZeroDirIV = make([]byte, DirIVLen)
-
 // fdReadDirIV reads and verifies the DirIV from an opened gocryptfs.diriv file.
 func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 	// We want to detect if the file is bigger than DirIVLen, so
@@ -50,9 +46,6 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 	if len(iv) != DirIVLen {
 		return nil, fmt.Errorf("wanted %d bytes, got %d", DirIVLen, len(iv))
 	}
-	if bytes.Equal(iv, allZeroDirIV) {
-		return nil, fmt.Errorf("diriv is all-zero")
-	}
 	return iv, nil
 }

@@ -60,8 +53,13 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 // "dirfd". On error we try to delete the incomplete file.
 // This function is exported because it is used from fusefrontend, main,
 // and also the automated tests.
-func WriteDirIVAt(dirfd int) error {
-	iv := cryptocore.RandBytes(DirIVLen)
+func WriteDirIVAt(dirfd int, randomInitialization bool) error {
+	var iv []byte
+	if randomInitialization {
+		iv = cryptocore.RandBytes(DirIVLen)
+	} else {
+		iv = make([]byte, DirIVLen)
+	}
 	// 0400 permissions: gocryptfs.diriv should never be modified after creation.
 	// Don't use "ioutil.WriteFile", it causes trouble on NFS:
 	// https://github.com/rfjakob/gocryptfs/commit/7d38f80a78644c8ec4900cc990bfb894387112ed |
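Review bot: An all-zero gocryptfs.diriv is now accepted by every mount, not only by ones that asked for it. The `WriteDirIVAt` hunk writes zeros only when `randomInitialization` is false, but the earlier hunk at -50,9 removes the `bytes.Equal(iv, allZeroDirIV)` rejection from `fdReadDirIV` unconditionally. In the code shown, that check was the only thing separating a deliberately written IV from a zero-filled file (for instance one left behind by a crash or storage fault), so filesystems that never enable the option lose that detection. I would keep the check and skip it only when the option is set, e.g. `if !zeroOK && bytes.Equal(iv, allZeroDirIV) { return nil, fmt.Errorf("diriv is all-zero") }`, where `zeroOK` is a placeholder for however the setting reaches the reader. The doc comment above `WriteDirIVAt` starts outside the hunk and should gain a line on the new parameter, such as `// If randomInitialization is false, the IV is all zeros instead of random bytes.`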
