From 2b8cbd944149afe51fadddbd67ee4499d1d86250 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 6 Feb 2016 19:20:54 +0100 Subject: Major refactoring: Split up "cryptfs" into several internal packages "git status" for reference: deleted: cryptfs/cryptfs.go deleted: cryptfs/names_core.go modified: integration_tests/cli_test.go modified: integration_tests/helpers.go renamed: cryptfs/config_file.go -> internal/configfile/config_file.go renamed: cryptfs/config_test.go -> internal/configfile/config_test.go renamed: cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore renamed: cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf renamed: cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf renamed: cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf renamed: cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf renamed: cryptfs/kdf.go -> internal/configfile/kdf.go renamed: cryptfs/kdf_test.go -> internal/configfile/kdf_test.go renamed: cryptfs/cryptfs_content.go -> internal/contentenc/content.go new file: internal/contentenc/content_api.go renamed: cryptfs/content_test.go -> internal/contentenc/content_test.go renamed: cryptfs/file_header.go -> internal/contentenc/file_header.go renamed: cryptfs/intrablock.go -> internal/contentenc/intrablock.go renamed: cryptfs/address_translation.go -> internal/contentenc/offsets.go new file: internal/cryptocore/crypto_api.go renamed: cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go renamed: cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go renamed: cryptfs/nonce.go -> internal/cryptocore/nonce.go renamed: cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go renamed: cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash renamed: cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go new file: internal/nametransform/name_api.go new file: internal/nametransform/names_core.go renamed: cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go renamed: cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go renamed: cryptfs/names_test.go -> internal/nametransform/names_test.go new file: internal/nametransform/pad16.go renamed: cryptfs/log.go -> internal/toggledlog/log.go renamed: cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go renamed: cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go modified: main.go modified: masterkey.go modified: pathfs_frontend/file.go modified: pathfs_frontend/file_holes.go modified: pathfs_frontend/fs.go modified: pathfs_frontend/fs_dir.go modified: pathfs_frontend/names.go modified: test.bash --- cryptfs/names_diriv.go | 140 ------------------------------------------------- 1 file changed, 140 deletions(-) delete mode 100644 cryptfs/names_diriv.go (limited to 'cryptfs/names_diriv.go') diff --git a/cryptfs/names_diriv.go b/cryptfs/names_diriv.go deleted file mode 100644 index 276316c..0000000 --- a/cryptfs/names_diriv.go +++ /dev/null @@ -1,140 +0,0 @@ -package cryptfs - -import ( - "fmt" - "io/ioutil" - "os" - "path/filepath" - "strings" - "sync" -) - -// A simple one-entry DirIV cache -type dirIVCache struct { - // Invalidated? - cleared bool - // The DirIV - iv []byte - // Directory the DirIV belongs to - dir string - // Ecrypted version of "dir" - translatedDir string - // Synchronisation - lock sync.RWMutex -} - -// lookup - fetch entry for "dir" from the cache -func (c *dirIVCache) lookup(dir string) (bool, []byte, string) { - c.lock.RLock() - defer c.lock.RUnlock() - if !c.cleared && c.dir == dir { - return true, c.iv, c.translatedDir - } - return false, nil, "" -} - -// store - write entry for "dir" into the caches -func (c *dirIVCache) store(dir string, iv []byte, translatedDir string) { - c.lock.Lock() - defer c.lock.Unlock() - c.cleared = false - c.iv = iv - c.dir = dir - c.translatedDir = translatedDir -} - -func (c *dirIVCache) Clear() { - c.lock.Lock() - defer c.lock.Unlock() - c.cleared = true -} - -// readDirIV - read the "gocryptfs.diriv" file from "dir" (absolute ciphertext path) -func (be *CryptFS) ReadDirIV(dir string) (iv []byte, readErr error) { - ivfile := filepath.Join(dir, DIRIV_FILENAME) - Debug.Printf("ReadDirIV: reading %s\n", ivfile) - iv, readErr = ioutil.ReadFile(ivfile) - if readErr != nil { - // The directory may have been concurrently deleted or moved. Failure to - // read the diriv is not an error in that case. - _, statErr := os.Stat(dir) - if os.IsNotExist(statErr) { - Debug.Printf("ReadDirIV: Dir %s was deleted under our feet", dir) - } else { - // This should not happen - Warn.Printf("ReadDirIV: Dir exists but diriv does not: %v\n", readErr) - } - return nil, readErr - } - if len(iv) != DIRIV_LEN { - return nil, fmt.Errorf("ReadDirIV: Invalid length %d\n", len(iv)) - } - return iv, nil -} - -// WriteDirIV - create diriv file inside "dir" (absolute ciphertext path) -// This function is exported because it is used from pathfs_frontend, main, -// and also the automated tests. -func WriteDirIV(dir string) error { - iv := RandBytes(DIRIV_LEN) - file := filepath.Join(dir, DIRIV_FILENAME) - // 0444 permissions: the file is not secret but should not be written to - return ioutil.WriteFile(file, iv, 0444) -} - -// EncryptPathDirIV - encrypt path using EME with DirIV -func (be *CryptFS) EncryptPathDirIV(plainPath string, rootDir string, eme bool) (cipherPath string, err error) { - // Empty string means root directory - if plainPath == "" { - return plainPath, nil - } - // Check if the DirIV is cached - parentDir := filepath.Dir(plainPath) - found, iv, cParentDir := be.DirIVCache.lookup(parentDir) - if found { - //fmt.Print("h") - baseName := filepath.Base(plainPath) - cBaseName := be.encryptName(baseName, iv, eme) - cipherPath = cParentDir + "/" + cBaseName - return cipherPath, nil - } - // Walk the directory tree - var wd = rootDir - var encryptedNames []string - plainNames := strings.Split(plainPath, "/") - for _, plainName := range plainNames { - iv, err = be.ReadDirIV(wd) - if err != nil { - return "", err - } - encryptedName := be.encryptName(plainName, iv, eme) - encryptedNames = append(encryptedNames, encryptedName) - wd = filepath.Join(wd, encryptedName) - } - // Cache the final DirIV - cipherPath = strings.Join(encryptedNames, "/") - cParentDir = filepath.Dir(cipherPath) - be.DirIVCache.store(parentDir, iv, cParentDir) - return cipherPath, nil -} - -// DecryptPathDirIV - decrypt path using EME with DirIV -func (be *CryptFS) DecryptPathDirIV(encryptedPath string, rootDir string, eme bool) (string, error) { - var wd = rootDir - var plainNames []string - encryptedNames := strings.Split(encryptedPath, "/") - Debug.Printf("DecryptPathDirIV: decrypting %v\n", encryptedNames) - for _, encryptedName := range encryptedNames { - iv, err := be.ReadDirIV(wd) - if err != nil { - return "", err - } - plainName, err := be.decryptName(encryptedName, iv, eme) - if err != nil { - return "", err - } - plainNames = append(plainNames, plainName) - wd = filepath.Join(wd, encryptedName) - } - return filepath.Join(plainNames...), nil -} -- cgit v1.2.3