aboutsummaryrefslogtreecommitdiff
path: root/internal/nametransform/names.go
AgeCommit message (Collapse)Author
2021-06-20nametransform: pass badname patterns via NewJakob Unterwurzacher
This means we can unexport the field.
2021-06-20Badname file content accessDerDonut
This proposal is the counterpart of the modifications from the `-badname` parameter. It modifies the plain -> cipher mapping for filenames when using `-badname` parameter. The new function `EncryptAndHashBadName` tries to find a cipher filename for the given plain name with the following steps: 1. If `badname` is disabled or direct mapping is successful: Map directly (default and current behaviour) 2. If a file with badname flag has a valid cipher file, this is returned (=File just ends with the badname flag) 3. If a file with a badname flag exists where only the badname flag was added, this is returned (=File cipher name could not be decrypted by function `DecryptName` and just the badname flag was added) 4. Search for all files which cipher file name extists when cropping more and more characters from the end. If only 1 file is found, return this 5. Return an error otherwise This allows file access in the file browsers but most important it allows that you rename files with undecryptable cipher names in the plain directories. Renaming those files will then generate a proper cipher filename One backdraft: When mounting the cipher dir with -badname parameter, you can never create (or rename to) files whose file name ends with the badname file flag (at the moment this is " GOCRYPTFS_BAD_NAME"). This will cause an error. I modified the CLI test function to cover additional test cases. Test [Case 7](https://github.com/DerDonut/gocryptfs/blob/badnamecontent/tests/cli/cli_test.go#L712) cannot be performed since the cli tests are executed in panic mode. The testing is stopped on error. Since the function`DecryptName` produces internal errors when hitting non-decryptable file names, this test was omitted. This implementation is a proposal where I tried to change the minimum amount of existing code. Another possibility would be instead of creating the new function `EncryptAndHashBadName` to modify the signature of the existing function `EncryptAndHashName(name string, iv []byte)` to `EncryptAndHashName(name string, iv []byte, dirfd int)` and integrate the functionality into this function directly. You may allow calling with dirfd=-1 or other invalid values an then performing the current functionality.
2021-06-02nametransform: check name validity on encryptionJakob Unterwurzacher
xfstests generic/523 discovered that we allowed to set xattrs with "/" in the name, but did not allow to read them later. With this change we do not allow to set them in the first place.
2020-08-02v2api/reverse: implement Lookup for longnameJakob Unterwurzacher
2020-06-06badname: stop trying to decrypt at length 22Jakob Unterwurzacher
At least 16 bytes due to AES --> at least 22 characters in base64
2020-06-06Added auto decryption of invalid file namesDerDonut
Changed invalid file decoding and decryption. Function DecryptName now shortens the filename until the filename is decodable and decryptable. Will work with valid **and** invalid Base64URL delimiter (valid delimiter [0-9a-zA-z_\\-]. If the filename is not decryptable at all, it returns the original cipher name with flag suffix Changed cli tests to generate decryptable and undecryptable file names with correct encrypted content. Replacing #474, extends #393
2020-04-18nametransform: update comment & simplify testsJakob Unterwurzacher
The comment still mentioned CBC, which has been removed a long time ago. The test definition can be rewritten using slice literals, saving sume stuttering.
2020-02-28Show undecryptable filenames if they match supplied globorcas
Resolves https://github.com/rfjakob/gocryptfs/issues/393
2019-03-26reverse mode: support wildcard exclude (--exclude-wildcard)Eduardo M KALINOWSKI
This adds support for gitignore-like wildcards and exclude patters in reverse mode. It (somewhat) fixes #273: no regexp support, but the syntax should be powerful enough to satisfy most needs. Also, since adding a lot of --exclude options can be tedious, it adds the --exclude-from option to read patterns from a file (or files).
2019-02-17nametransform: reject names longer than 255 charsJakob Unterwurzacher
Looks like we allowed creating longer names by accident. Fix that, and add a test that verifies it.
2019-01-03fusefrontend: add dirCacheJakob Unterwurzacher
2019-01-02fusefronted: make EncryptPath symlink-safeJakob Unterwurzacher
Finally allows us to delete EncryptPathDirIV.
2018-12-27Assorted spelling fixes.Sebastian Lackner
Mostly detected with the 'codespell' utility, but also includes some manual grammar fixes.
2017-11-22nametransform: Return error if decrypted name is '.' or '..'Sebastian Lackner
2017-08-06nametransform: move diriv cache into it's own packageJakob Unterwurzacher
Needs some space to grow. renamed: internal/nametransform/diriv_cache.go -> internal/nametransform/dirivcache/dirivcache.go
2017-05-23nametransform: harden name decryption against invalid inputJakob Unterwurzacher
This fixes a few issues I have found reviewing the code: 1) Limit the amount of data ReadLongName() will read. Previously, you could send gocryptfs into out-of-memory by symlinking gocryptfs.diriv to /dev/zero. 2) Handle the empty input case in unPad16() by returning an error. Previously, it would panic with an out-of-bounds array read. It is unclear to me if this could actually be triggered. 3) Reject empty names after base64-decoding in DecryptName(). An empty name crashes emeCipher.Decrypt(). It is unclear to me if B64.DecodeString() can actually return a non-error empty result, but let's guard against it anyway.
2017-05-07nametranform, fusefrontend: better errors on invalid namesJakob Unterwurzacher
nametransform.DecryptName() now always returns syscall.EBADMSG if the name was invalid. fusefrontend.OpenDir error messages have been normalized.
2017-03-05nametransform: fix Raw64 not affecting symlink targetsJakob Unterwurzacher
The symlink functions incorrectly hardcoded the padded base64 variant.
2017-03-05Drop Go 1.4 compatability code everywhereJakob Unterwurzacher
Yields a nice reduction in code size.
2017-03-05cryptocore: use eme v1.1 interfaceJakob Unterwurzacher
Version 1.1 of the EME package (github.com/rfjakob/eme) added a more convenient interface. Use it. Note that you have to upgrade your EME package (go get -u)!
2016-11-01Add Go 1.4 compatibility layer for raw64Jakob Unterwurzacher
Using raw64 will not work, but at least it will compile.
2016-11-01Add support for unpadded base64 filenames, "-raw64"Jakob Unterwurzacher
Through base64.RawURLEncoding. New command-line parameter "-raw64".
2016-10-04lint fixesValient Gough
2016-09-25nametransform: downgrade invalid length warningJakob Unterwurzacher
This happens all the time in reverse mode when somebody stats an encrypted symlink target.
2016-09-25nametransform: delete unused function DecryptPathDirIVJakob Unterwurzacher
2016-09-25reverse: add symlink encryption and Readlink supportJakob Unterwurzacher
2016-09-25nametransform: return EINVAL on invalid paddingJakob Unterwurzacher
With the generic fmt.Errorf we trigger a warning from go-fuse: 2016/09/21 21:42:31 can't convert error type: Invalid padding
2016-07-06Add godoc comments to all internal packagesJakob Unterwurzacher
2016-07-03nametransform: hide detailed padding error behind the debug flagJakob Unterwurzacher
unPad16 returns detailed errors including the position of the incorrect bytes. Kill a possible padding oracle by lumping everything into a generic error. The detailed error is only logged if debug is active.
2016-06-23Drop deprecated "-emenames" optionJakob Unterwurzacher
The EMENames feature flag is already mandatory, dropping the command line option is the final step.
2016-06-16Rename nametransform, contentenc source filesJakob Unterwurzacher
Let's have shorter names, and merge *_api.go into the "main" file. No code changes.