From 24554b11f773cd6c944b8be2f661962867897520 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 9 May 2020 19:11:06 +0200 Subject: gocryptfs-xray: integrate ctlsock path encryption/decryption Implementation seems to work ok, but is missing tests and documentation for now. I will only delete ctlsock-encrypt.bash when both are done. https://github.com/rfjakob/gocryptfs/issues/416 --- gocryptfs-xray/xray_main.go | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) (limited to 'gocryptfs-xray/xray_main.go') diff --git a/gocryptfs-xray/xray_main.go b/gocryptfs-xray/xray_main.go index 34f695b..0777524 100644 --- a/gocryptfs-xray/xray_main.go +++ b/gocryptfs-xray/xray_main.go @@ -49,25 +49,54 @@ func usage() { " gocryptfs-xray -dumpmasterkey myfs/gocryptfs.conf\n") } +// sum counts the number of true values +func sum(x ...*bool) (s int) { + for _, v := range x { + if *v { + s++ + } + } + return s +} + func main() { - dumpmasterkey := flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key") - aessiv := flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM") + var args struct { + dumpmasterkey *bool + decryptPaths *bool + encryptPaths *bool + aessiv *bool + } + args.dumpmasterkey = flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key") + args.decryptPaths = flag.Bool("decrypt-paths", false, "Decrypt file paths using gocryptfs control socket") + args.encryptPaths = flag.Bool("encrypt-paths", false, "Encrypt file paths using gocryptfs control socket") + args.aessiv = flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM") flag.Usage = usage flag.Parse() + s := sum(args.dumpmasterkey, args.decryptPaths, args.encryptPaths) + if s > 1 { + fmt.Printf("fatal: %d operations were requested\n", s) + os.Exit(1) + } if flag.NArg() != 1 { usage() os.Exit(1) } fn := flag.Arg(0) + if *args.decryptPaths { + decryptPaths(fn) + } + if *args.encryptPaths { + encryptPaths(fn) + } fd, err := os.Open(fn) if err != nil { errExit(err) } defer fd.Close() - if *dumpmasterkey { + if *args.dumpmasterkey { dumpMasterKey(fn) } else { - inspectCiphertext(fd, *aessiv) + inspectCiphertext(fd, *args.aessiv) } } -- cgit v1.2.3