Re-design of the original gocryptfs code to work as a library.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
libgocryptfs/helpers.go

184 lines
4.9 KiB

1 year ago
package main
import (
"path/filepath"
"strings"
"syscall"
"./internal/configfile"
"./internal/nametransform"
"./internal/syscallcompat"
)
// isFiltered - check if plaintext "path" should be forbidden
//
// Prevents name clashes with internal files when file names are not encrypted
func (volume *Volume) isFiltered(path string) bool {
if !volume.plainTextNames {
return false
}
// gocryptfs.conf in the root directory is forbidden
if path == configfile.ConfDefaultName {
return true
}
// Note: gocryptfs.diriv is NOT forbidden because diriv and plaintextnames
// are exclusive
return false
}
func (volume *Volume) openBackingDir(relPath string) (dirfd int, cName string, err error) {
dirRelPath := nametransform.Dir(relPath)
// With PlaintextNames, we don't need to read DirIVs. Easy.
if volume.plainTextNames {
dirfd, err = syscallcompat.OpenDirNofollow(volume.rootCipherDir, dirRelPath)
if err != nil {
return -1, "", err
}
// If relPath is empty, cName is ".".
cName = filepath.Base(relPath)
return dirfd, cName, nil
}
// Open cipherdir (following symlinks)
dirfd, err = syscallcompat.Open(volume.rootCipherDir, syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
if err != nil {
return -1, "", err
}
// If relPath is empty, cName is ".".
if relPath == "" {
return dirfd, ".", nil
}
// Walk the directory tree
parts := strings.Split(relPath, "/")
for i, name := range parts {
iv, err := volume.nameTransform.ReadDirIVAt(dirfd)
1 year ago
if err != nil {
syscall.Close(dirfd)
return -1, "", err
}
cName, err = volume.nameTransform.EncryptAndHashName(name, iv)
if err != nil {
syscall.Close(dirfd)
return -1, "", err
}
// Last part? We are done.
if i == len(parts)-1 {
break
}
// Not the last part? Descend into next directory.
dirfd2, err := syscallcompat.Openat(dirfd, cName, syscall.O_NOFOLLOW|syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
syscall.Close(dirfd)
if err != nil {
return -1, "", err
}
dirfd = dirfd2
}
return dirfd, cName, nil
}
func (volume *Volume) prepareAtSyscall(path string) (dirfd int, cName string, err error) {
// root node itself is special
if path == "" {
return volume.openBackingDir(path)
}
// Cache lookup
// TODO make it work for plaintextnames as well?
if !volume.plainTextNames {
directory, ok := volume.dirCache[path]
if ok {
if directory.fd > 0 {
cName, err := volume.nameTransform.EncryptAndHashName(filepath.Base(path), directory.iv)
if err != nil {
return -1, "", err
}
dirfd, err = syscall.Dup(directory.fd)
if err != nil {
return -1, "", err
}
return dirfd, cName, nil
}
}
}
// Slowpath
if volume.isFiltered(path) {
return -1, "", syscall.EPERM
}
dirfd, cName, err = volume.openBackingDir(path)
if err != nil {
return -1, "", err
}
// Cache store
if !volume.plainTextNames {
// TODO: openBackingDir already calls ReadDirIVAt(). Avoid duplicate work?
iv, err := volume.nameTransform.ReadDirIVAt(dirfd)
1 year ago
if err != nil {
syscall.Close(dirfd)
return -1, "", err
}
dirfdDup, err := syscall.Dup(dirfd)
if err == nil {
var pathCopy strings.Builder
pathCopy.WriteString(path)
volume.dirCache[pathCopy.String()] = Directory{dirfdDup, iv}
}
}
return
}
// decryptSymlinkTarget: "cData64" is base64-decoded and decrypted
// like file contents (GCM).
// The empty string decrypts to the empty string.
//
// This function does not do any I/O and is hence symlink-safe.
func (volume *Volume) decryptSymlinkTarget(cData64 string) (string, error) {
if cData64 == "" {
return "", nil
}
cData, err := volume.nameTransform.B64DecodeString(cData64)
if err != nil {
return "", err
}
data, err := volume.contentEnc.DecryptBlock([]byte(cData), 0, nil)
if err != nil {
return "", err
}
return string(data), nil
}
// readlink reads and decrypts a symlink. Used by Readlink, Getattr, Lookup.
func (volume *Volume) readlink(dirfd int, cName string) []byte {
cTarget, err := syscallcompat.Readlinkat(dirfd, cName)
if err != nil {
return nil
}
if volume.plainTextNames {
return []byte(cTarget)
}
// Symlinks are encrypted like file contents (GCM) and base64-encoded
target, err := volume.decryptSymlinkTarget(cTarget)
if err != nil {
return nil
}
return []byte(target)
}
func isRegular(mode uint32) bool { return (mode & syscall.S_IFMT) == syscall.S_IFREG }
func isSymlink(mode uint32) bool { return (mode & syscall.S_IFMT) == syscall.S_IFLNK }
// translateSize translates the ciphertext size in `out` into plaintext size.
// Handles regular files & symlinks (and finds out what is what by looking at
// `out.Mode`).
func (volume *Volume) translateSize(dirfd int, cName string, st *syscall.Stat_t) uint64 {
size := uint64(st.Size)
1 year ago
if isRegular(st.Mode) {
size = volume.contentEnc.CipherSizeToPlainSize(uint64(st.Size))
} else if isSymlink(st.Mode) {
target := volume.readlink(dirfd, cName)
size = uint64(len(target))
}
return size
}