From b17f0465c7c38cab2f1f4ad0fc25d64d5cd175e7 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Thu, 23 Jun 2016 21:29:00 +0200
Subject: Drop deprecated "-diriv" option

The DirIV feature flag is already mandatory, dropping the command line option is the final step.
---
 internal/fusefrontend/args.go | 1 -
 internal/fusefrontend/fs.go | 27 ++++++---------------------
 internal/fusefrontend/fs_dir.go | 12 +++---------
 internal/fusefrontend/names.go | 6 ------
 4 files changed, 9 insertions(+), 37 deletions(-)
(limited to 'internal/fusefrontend')
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 8520592..4f77973 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -6,7 +6,6 @@ type Args struct {
 Cipherdir string
 OpenSSL bool
 PlaintextNames bool
- DirIV bool
 EMENames bool
 GCMIV128 bool
 LongNames bool
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 26c9252..4342482 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -249,17 +249,10 @@ func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status f
 if status != fuse.OK {
 return "", status
 }
- // Old filesystem: symlinks are encrypted like paths (CBC)
- if !fs.args.DirIV {
- var target string
- target, err = fs.decryptPath(cTarget)
- if err != nil {
- tlog.Warn.Printf("Readlink: CBC decryption failed: %v", err)
- return "", fuse.EIO
- }
- return target, fuse.OK
+ if fs.args.PlaintextNames {
+ return cTarget, fuse.OK
 }
- // Since gocryptfs v0.5 symlinks are encrypted like file contents (GCM)
+ // Symlinks are encrypted like file contents (GCM) and base64-encoded
 cBinTarget, err := base64.URLEncoding.DecodeString(cTarget)
 if err != nil {
 tlog.Warn.Printf("Readlink: %v", err)
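Review bot: The rewritten comment in Readlink drops the "since v0.5" qualifier together with the CBC branch, so nothing in the new code records that symlink targets written in the older path-encrypted format are no longer readable. Such a target now goes straight to `base64.URLEncoding.DecodeString` and presumably fails there or at decryption, with only the generic `Readlink: %v` warning. I would keep the version in the comment, e.g. `// Symlinks are encrypted like file contents (GCM) and base64-encoded (since v0.5; older CBC targets are not supported)`. The rest of Readlink lies outside the hunk.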
@@ -316,19 +309,11 @@ func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (co
 if err != nil {
 return fuse.ToStatus(err)
 }
- // Before v0.5, symlinks were encrypted like paths (CBC)
- // TODO drop compatibility and simplify code?
- if !fs.args.DirIV {
- var cTarget string
- cTarget, err = fs.encryptPath(target)
- if err != nil {
- tlog.Warn.Printf("Symlink: BUG: we should not get an error here: %v", err)
- return fuse.ToStatus(err)
- }
- err = os.Symlink(cTarget, cPath)
+ if fs.args.PlaintextNames {
+ err = os.Symlink(target, cPath)
 return fuse.ToStatus(err)
 }
-
+ // Symlinks are encrypted like file contents (GCM) and base64-encoded
 cBinTarget := fs.contentEnc.EncryptBlock([]byte(target), 0, nil)
 cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
diff --git a/internal/fusefrontend/fs_dir.go b/internal/fusefrontend/fs_dir.go
index f77486d..80a66ca 100644
--- a/internal/fusefrontend/fs_dir.go
+++ b/internal/fusefrontend/fs_dir.go
@@ -46,9 +46,6 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu
 if err != nil {
 return fuse.ToStatus(err)
 }
- if !fs.args.DirIV {
- return fuse.ToStatus(os.Mkdir(cPath, os.FileMode(mode)))
- }
 // We need write and execute permissions to create gocryptfs.diriv
 origMode := mode
 mode = mode | 0300
@@ -98,9 +95,6 @@ func (fs *FS) Rmdir(path string, context *fuse.Context) (code fuse.Status) {
 if err != nil {
 return fuse.ToStatus(err)
 }
- if !fs.args.DirIV {
- return fuse.ToStatus(syscall.Rmdir(cPath))
- }
 parentDir := filepath.Dir(cPath)
 parentDirFd, err := os.Open(parentDir)
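Review bot: The new comment above `fs.contentEnc.EncryptBlock([]byte(target), 0, nil)` in Symlink says the target is encrypted like file contents, but not what the constant `0` and `nil` arguments stand for. If they are the block number and file ID that the content path feeds into GCM as associated data (not visible here, please confirm), every symlink target is authenticated against the same fixed values and the ciphertext is not tied to the link that holds it. A one-line comment would make that explicit, e.g. `// block 0, no file ID: the target is authenticated but not bound to this link`. Symlink continues past the end of the hunk.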
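Review bot: The `!fs.args.DirIV` early return in Mkdir is deleted without a `PlaintextNames` replacement, unlike Readlink, Symlink and OpenDir in this commit, where the same check becomes a test on `fs.args.PlaintextNames`. Unless PlaintextNames is handled earlier in Mkdir (the function starts outside the hunk), a plaintext-names mount now falls through to the code that creates gocryptfs.diriv. The Rmdir hunk that follows has the same gap. I would keep the plain path as an explicit special case: `if fs.args.PlaintextNames { return fuse.ToStatus(os.Mkdir(cPath, os.FileMode(mode))) }` in Mkdir and `if fs.args.PlaintextNames { return fuse.ToStatus(syscall.Rmdir(cPath)) }` in Rmdir.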
@@ -215,10 +209,10 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
 if cipherEntries == nil {
 return nil, status
 }
- // Get DirIV (stays nil if DirIV if off)
+ // Get DirIV (stays nil if PlaintextNames is used)
 var cachedIV []byte
 var cDirAbsPath string
- if fs.args.DirIV {
+ if !fs.args.PlaintextNames {
 // Read the DirIV once and use it for all later name decryptions
 cDirAbsPath = filepath.Join(fs.args.Cipherdir, cDirName)
 cachedIV, err = nametransform.ReadDirIV(cDirAbsPath)
@@ -237,7 +231,7 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
 // silently ignore "gocryptfs.conf" in the top level dir
 continue
 }
- if fs.args.DirIV && cName == nametransform.DirIVFilename {
+ if !fs.args.PlaintextNames && cName == nametransform.DirIVFilename {
 // silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled
 continue
 }
diff --git a/internal/fusefrontend/names.go b/internal/fusefrontend/names.go
index 907b6b4..54b41ae 100644
--- a/internal/fusefrontend/names.go
+++ b/internal/fusefrontend/names.go
@@ -44,9 +44,6 @@ func (fs *FS) encryptPath(plainPath string) (string, error) {
 if fs.args.PlaintextNames {
 return plainPath, nil
 }
- if !fs.args.DirIV {
- return fs.nameTransform.EncryptPathNoIV(plainPath), nil
- }
 fs.dirIVLock.RLock()
 cPath, err := fs.nameTransform.EncryptPathDirIV(plainPath, fs.args.Cipherdir)
 tlog.Debug.Printf("encryptPath '%s' -> '%s' (err: %v)", plainPath, cPath, err)
@@ -59,9 +56,6 @@ func (fs *FS) decryptPath(cipherPath string) (string, error) {
 if fs.args.PlaintextNames {
 return cipherPath, nil
 }
- if !fs.args.DirIV {
- return fs.nameTransform.DecryptPathNoIV(cipherPath)
- }
 fs.dirIVLock.RLock()
 defer fs.dirIVLock.RUnlock()
 return fs.nameTransform.DecryptPathDirIV(cipherPath, fs.args.Cipherdir)
-- 
cgit v1.2.3
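Review bot: The context comment under the changed condition in the second OpenDir hunk, `// silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled`, still describes the removed flag. The check is now `!fs.args.PlaintextNames`, so the comment should read something like `// silently ignore "gocryptfs.diriv" everywhere unless PlaintextNames is used`. The loop this sits in starts and ends outside the hunk.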