From 2b12bba274ba75f76ac8c2af3790e4190b32396f Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Wed, 2 Jan 2019 21:45:40 +0100 Subject: fusefronted: make EncryptPath symlink-safe Finally allows us to delete EncryptPathDirIV. --- internal/nametransform/diriv.go | 67 ----------------------------------------- internal/nametransform/names.go | 5 ++- 2 files changed, 2 insertions(+), 70 deletions(-) (limited to 'internal/nametransform') diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go index b98de0c..93c4c68 100644 --- a/internal/nametransform/diriv.go +++ b/internal/nametransform/diriv.go @@ -25,26 +25,6 @@ const ( DirIVFilename = "gocryptfs.diriv" ) -// ReadDirIV - read the "gocryptfs.diriv" file from "dir" (absolute ciphertext path) -// This function is exported because it allows for an efficient readdir implementation. -// If the directory itself cannot be opened, a syscall error will be returned. -// Otherwise, a fmt.Errorf() error value is returned with the details. -// -// TODO: this function is not symlink-safe and should be deleted once the only -// remaining user, EncryptPathDirIV(), is gone. -func ReadDirIV(dir string) (iv []byte, err error) { - fd, err := os.Open(filepath.Join(dir, DirIVFilename)) - if err != nil { - // Note: getting errors here is normal because of concurrent deletes. - // Strip the useless annotation that os.Open has added and return - // the plain syscall error. The caller will log a nice message. - err2 := err.(*os.PathError) - return nil, err2.Err - } - defer fd.Close() - return fdReadDirIV(fd) -} - // ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd". // Using the dirfd makes it immune to concurrent renames of the directory. func ReadDirIVAt(dirfd int) (iv []byte, err error) { @@ -132,53 +112,6 @@ func (be *NameTransform) EncryptAndHashName(name string, iv []byte) string { return cName } -// EncryptPathDirIV - encrypt relative plaintext path "plainPath" using EME with -// DirIV. "rootDir" is the backing storage root directory. -// Components that are longer than 255 bytes are hashed if be.longnames == true. -// -// TODO: EncryptPathDirIV is NOT SAFE against symlink races. This function -// should eventually be deleted. -func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (string, error) { - var err error - // Empty string means root directory - if plainPath == "" { - return plainPath, nil - } - // Reject names longer than 255 bytes. - baseName := filepath.Base(plainPath) - if len(baseName) > unix.NAME_MAX { - return "", syscall.ENAMETOOLONG - } - // If we have the iv and the encrypted directory name in the cache, we - // can skip the directory walk. This optimization yields a 10% improvement - // in the tar extract benchmark. - parentDir := Dir(plainPath) - if iv, cParentDir := be.DirIVCache.Lookup(parentDir); iv != nil { - cBaseName := be.EncryptAndHashName(baseName, iv) - return filepath.Join(cParentDir, cBaseName), nil - } - // We have to walk the directory tree, starting at the root directory. - // ciphertext working directory (relative path) - cipherWD := "" - // plaintext working directory (relative path) - plainWD := "" - plainNames := strings.Split(plainPath, "/") - for _, plainName := range plainNames { - iv, _ := be.DirIVCache.Lookup(plainWD) - if iv == nil { - iv, err = ReadDirIV(filepath.Join(rootDir, cipherWD)) - if err != nil { - return "", err - } - be.DirIVCache.Store(plainWD, iv, cipherWD) - } - cipherName := be.EncryptAndHashName(plainName, iv) - cipherWD = filepath.Join(cipherWD, cipherName) - plainWD = filepath.Join(plainWD, plainName) - } - return cipherWD, nil -} - // Dir is like filepath.Dir but returns "" instead of ".". func Dir(path string) string { d := filepath.Dir(path) diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go index 22e639a..33128b9 100644 --- a/internal/nametransform/names.go +++ b/internal/nametransform/names.go @@ -74,11 +74,10 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error } // EncryptName encrypts "plainName", returns a base64-encoded "cipherName64". -// Used internally by EncryptPathDirIV(). // The encryption is either CBC or EME, depending on "useEME". // -// This function is exported because fusefrontend needs access to the full (not hashed) -// name if longname is used. Otherwise you should use EncryptPathDirIV() +// This function is exported because in some cases, fusefrontend needs access +// to the full (not hashed) name if longname is used. func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) { bin := []byte(plainName) bin = pad16(bin) -- cgit v1.2.3