1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
package cryptfs
import (
"strings"
)
const (
OpEncrypt = iota
OpDecrypt
)
// DecryptPathNoIV - decrypt path using CBC without any IV.
// This function is deprecated by the the more secure DirIV variant and only retained
// for compatability with old filesystems.
func (be *CryptFS) DecryptPathNoIV(cipherPath string) (plainPath string, err error) {
plainPath, err = be.translatePathNoIV(cipherPath, OpDecrypt)
return plainPath, err
}
// EncryptPathNoIV - decrypt path using CBC without any IV.
// This function is deprecated by the the more secure DirIV variant and only retained
// for compatability with old filesystems.
func (be *CryptFS) EncryptPathNoIV(plainPath string) (cipherPath string) {
cipherPath, _ = be.translatePathNoIV(plainPath, OpEncrypt)
return cipherPath
}
// translatePathZeroIV - encrypt or decrypt path using CBC with an all-zero IV.
// Just splits the string on "/" and hands the parts to encryptName() / decryptName()
func (be *CryptFS) translatePathNoIV(path string, op int) (string, error) {
var err error
// Empty string means root directory
if path == "" {
return path, err
}
zeroIV := make([]byte, DIRIV_LEN)
// Run operation on each path component
var translatedParts []string
parts := strings.Split(path, "/")
for _, part := range parts {
if part == "" {
// This happens on "/foo/bar/" on the front and on the end.
// Don't panic.
translatedParts = append(translatedParts, "")
continue
}
var newPart string
if op == OpEncrypt {
newPart = be.encryptName(part, zeroIV, false)
} else {
newPart, err = be.decryptName(part, zeroIV, false)
if err != nil {
return "", err
}
}
translatedParts = append(translatedParts, newPart)
}
return strings.Join(translatedParts, "/"), err
}
|
