1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
package cryptfs
import (
"fmt"
"io/ioutil"
"path/filepath"
"strings"
"sync"
)
// A simple one-entry DirIV cache
type DirIVCache struct {
// Invalidated?
cleared bool
// The DirIV
iv []byte
// Directory the DirIV belongs to
dir string
// Ecrypted version of "dir"
translatedDir string
// Synchronisation
lock sync.RWMutex
}
// lookup - fetch entry for "dir" from the cache
func (c *DirIVCache) lookup(dir string) (bool, []byte, string) {
c.lock.RLock()
defer c.lock.RUnlock()
if !c.cleared && c.dir == dir {
return true, c.iv, c.translatedDir
}
return false, nil, ""
}
// store - write entry for "dir" into the caches
func (c *DirIVCache) store(dir string, iv []byte, translatedDir string) {
c.lock.Lock()
defer c.lock.Unlock()
c.cleared = false
c.iv = iv
c.dir = dir
c.translatedDir = translatedDir
}
func (c *DirIVCache) Clear() {
c.lock.Lock()
defer c.lock.Unlock()
c.cleared = true
}
// readDirIV - read the "gocryptfs.diriv" file from "dir" (absolute ciphertext path)
func (be *CryptFS) ReadDirIV(dir string) (iv []byte, err error) {
ivfile := filepath.Join(dir, DIRIV_FILENAME)
Debug.Printf("readDirIV: reading %s\n", ivfile)
iv, err = ioutil.ReadFile(ivfile)
if err != nil {
Warn.Printf("readDirIV: %v\n", err)
return nil, err
}
if len(iv) != DIRIV_LEN {
return nil, fmt.Errorf("readDirIV: Invalid length %d\n", len(iv))
}
return iv, nil
}
// WriteDirIV - create diriv file inside "dir" (absolute ciphertext path)
// This function is exported because it is used from pathfs_frontend, main,
// and also the automated tests.
func WriteDirIV(dir string) error {
iv := RandBytes(DIRIV_LEN)
file := filepath.Join(dir, DIRIV_FILENAME)
// 0444 permissions: the file is not secret but should not be written to
return ioutil.WriteFile(file, iv, 0444)
}
// EncryptPathDirIV - encrypt path using CBC or EME with DirIV
func (be *CryptFS) EncryptPathDirIV(plainPath string, rootDir string, eme bool) (cipherPath string, err error) {
// Empty string means root directory
if plainPath == "" {
return plainPath, nil
}
// Check if the DirIV is cached
parentDir := filepath.Dir(plainPath)
found, iv, cParentDir := be.DirIVCacheEnc.lookup(parentDir)
if found {
//fmt.Print("h")
baseName := filepath.Base(plainPath)
cBaseName := be.encryptName(baseName, iv, eme)
cipherPath = cParentDir + "/" + cBaseName
return cipherPath, nil
}
// Walk the directory tree
var wd = rootDir
var encryptedNames []string
plainNames := strings.Split(plainPath, "/")
for _, plainName := range plainNames {
iv, err = be.ReadDirIV(wd)
if err != nil {
return "", err
}
encryptedName := be.encryptName(plainName, iv, eme)
encryptedNames = append(encryptedNames, encryptedName)
wd = filepath.Join(wd, encryptedName)
}
// Cache the final DirIV
cipherPath = strings.Join(encryptedNames, "/")
cParentDir = filepath.Dir(cipherPath)
be.DirIVCacheEnc.store(parentDir, iv, cParentDir)
return cipherPath, nil
}
// DecryptPathDirIV - encrypt path using CBC or EME with DirIV
func (be *CryptFS) DecryptPathDirIV(encryptedPath string, rootDir string, eme bool) (string, error) {
var wd = rootDir
var plainNames []string
encryptedNames := strings.Split(encryptedPath, "/")
Debug.Printf("DecryptPathDirIV: decrypting %v\n", encryptedNames)
for _, encryptedName := range encryptedNames {
iv, err := be.ReadDirIV(wd)
if err != nil {
return "", err
}
plainName, err := be.decryptName(encryptedName, iv, eme)
if err != nil {
return "", err
}
plainNames = append(plainNames, plainName)
wd = filepath.Join(wd, encryptedName)
}
return filepath.Join(plainNames...), nil
}
|
