2016-02-06 19:20:54 +01:00
|
|
|
package nametransform
|
2015-11-27 00:03:10 +01:00
|
|
|
|
|
|
|
import (
|
2017-05-25 14:21:55 +02:00
|
|
|
"bytes"
|
2018-04-02 18:32:30 +02:00
|
|
|
"fmt"
|
2016-11-06 14:09:34 +01:00
|
|
|
"io"
|
2017-11-30 20:53:38 +01:00
|
|
|
"log"
|
2016-01-25 00:51:28 +01:00
|
|
|
"os"
|
2015-11-27 22:18:36 +01:00
|
|
|
"path/filepath"
|
2015-11-27 00:03:10 +01:00
|
|
|
"strings"
|
2016-02-07 14:02:09 +01:00
|
|
|
"syscall"
|
2016-02-06 19:20:54 +01:00
|
|
|
|
2018-02-01 23:46:02 +01:00
|
|
|
"golang.org/x/sys/unix"
|
|
|
|
|
2016-02-06 19:20:54 +01:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/cryptocore"
|
2016-07-03 20:17:40 +02:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
|
2016-06-15 23:30:44 +02:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
2016-02-06 19:20:54 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2016-10-02 06:14:18 +02:00
|
|
|
// DirIVLen is identical to AES block size
|
2016-09-02 23:39:50 +02:00
|
|
|
DirIVLen = 16
|
2016-10-02 06:14:18 +02:00
|
|
|
// DirIVFilename is the filename used to store directory IV.
|
|
|
|
// Exported because we have to ignore this name in directory listing.
|
2016-02-06 20:23:36 +01:00
|
|
|
DirIVFilename = "gocryptfs.diriv"
|
2015-11-27 00:03:10 +01:00
|
|
|
)
|
|
|
|
|
2016-02-06 22:54:14 +01:00
|
|
|
// ReadDirIV - read the "gocryptfs.diriv" file from "dir" (absolute ciphertext path)
|
2016-04-10 19:32:10 +02:00
|
|
|
// This function is exported because it allows for an efficient readdir implementation.
|
2018-04-02 18:32:30 +02:00
|
|
|
// If the directory itself cannot be opened, a syscall error will be returned.
|
|
|
|
// Otherwise, a fmt.Errorf() error value is returned with the details.
|
2016-04-10 19:32:10 +02:00
|
|
|
func ReadDirIV(dir string) (iv []byte, err error) {
|
2016-09-21 23:22:13 +02:00
|
|
|
fd, err := os.Open(filepath.Join(dir, DirIVFilename))
|
2016-04-10 19:32:10 +02:00
|
|
|
if err != nil {
|
2016-10-07 22:36:29 +02:00
|
|
|
// Note: getting errors here is normal because of concurrent deletes.
|
2018-04-02 18:32:30 +02:00
|
|
|
// Strip the useless annotation that os.Open has added and return
|
|
|
|
// the plain syscall error. The caller will log a nice message.
|
|
|
|
err2 := err.(*os.PathError)
|
|
|
|
return nil, err2.Err
|
2015-11-27 22:20:01 +01:00
|
|
|
}
|
2016-09-21 23:22:13 +02:00
|
|
|
defer fd.Close()
|
|
|
|
return fdReadDirIV(fd)
|
2016-04-10 19:32:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd".
|
|
|
|
// Using the dirfd makes it immune to concurrent renames of the directory.
|
|
|
|
func ReadDirIVAt(dirfd *os.File) (iv []byte, err error) {
|
2017-11-30 19:40:53 +01:00
|
|
|
fdRaw, err := syscallcompat.Openat(int(dirfd.Fd()), DirIVFilename,
|
|
|
|
syscall.O_RDONLY|syscall.O_NOFOLLOW, 0)
|
2016-04-10 19:32:10 +02:00
|
|
|
if err != nil {
|
2018-04-02 18:32:30 +02:00
|
|
|
return nil, fmt.Errorf("openat failed: %v", err)
|
2016-04-10 19:32:10 +02:00
|
|
|
}
|
|
|
|
fd := os.NewFile(uintptr(fdRaw), DirIVFilename)
|
|
|
|
defer fd.Close()
|
2016-09-21 23:22:13 +02:00
|
|
|
return fdReadDirIV(fd)
|
|
|
|
}
|
2016-04-10 19:32:10 +02:00
|
|
|
|
2017-05-25 14:21:55 +02:00
|
|
|
// allZeroDirIV is preallocated to quickly check if the data read from disk is all zero
|
|
|
|
var allZeroDirIV = make([]byte, DirIVLen)
|
|
|
|
|
2016-09-21 23:22:13 +02:00
|
|
|
// fdReadDirIV reads and verifies the DirIV from an opened gocryptfs.diriv file.
|
|
|
|
func fdReadDirIV(fd *os.File) (iv []byte, err error) {
|
2016-09-02 23:39:50 +02:00
|
|
|
// We want to detect if the file is bigger than DirIVLen, so
|
2016-10-24 19:18:13 +02:00
|
|
|
// make the buffer 1 byte bigger than necessary.
|
2016-09-02 23:39:50 +02:00
|
|
|
iv = make([]byte, DirIVLen+1)
|
2016-04-10 19:32:10 +02:00
|
|
|
n, err := fd.Read(iv)
|
2016-11-06 14:09:34 +01:00
|
|
|
if err != nil && err != io.EOF {
|
2018-04-02 18:32:30 +02:00
|
|
|
return nil, fmt.Errorf("read failed: %v", err)
|
2016-04-10 19:32:10 +02:00
|
|
|
}
|
|
|
|
iv = iv[0:n]
|
2016-09-02 23:39:50 +02:00
|
|
|
if len(iv) != DirIVLen {
|
2018-04-02 18:32:30 +02:00
|
|
|
return nil, fmt.Errorf("wanted %d bytes, got %d", DirIVLen, len(iv))
|
2015-11-27 22:20:01 +01:00
|
|
|
}
|
2017-05-25 14:21:55 +02:00
|
|
|
if bytes.Equal(iv, allZeroDirIV) {
|
2018-04-02 18:32:30 +02:00
|
|
|
return nil, fmt.Errorf("diriv is all-zero")
|
2017-05-25 14:21:55 +02:00
|
|
|
}
|
2015-11-27 22:20:01 +01:00
|
|
|
return iv, nil
|
2015-11-27 00:03:10 +01:00
|
|
|
}
|
|
|
|
|
2017-11-30 20:53:38 +01:00
|
|
|
// WriteDirIV - create diriv file inside of the specified directory. If dirfd
|
|
|
|
// is nil "dir" should be the absolute path to the directory. If dirfd != nil
|
|
|
|
// "dir" should be a path (without slashes) relative to the directory
|
|
|
|
// described by "dirfd". This function is exported because it is used from
|
|
|
|
// pathfs_frontend, main, and also the automated tests.
|
2017-11-29 13:21:28 +01:00
|
|
|
func WriteDirIV(dirfd *os.File, dir string) error {
|
2017-11-30 20:53:38 +01:00
|
|
|
// For relative paths we do not expect that "dir" contains slashes
|
|
|
|
if dirfd != nil && strings.Contains(dir, "/") {
|
|
|
|
log.Panicf("WriteDirIV: Relative path should not contain slashes: %v", dir)
|
|
|
|
}
|
2016-09-02 23:39:50 +02:00
|
|
|
iv := cryptocore.RandBytes(DirIVLen)
|
2016-02-06 19:20:54 +01:00
|
|
|
file := filepath.Join(dir, DirIVFilename)
|
nametransform: WriteDirIV: replace ioutil.WriteFile
As reported at https://github.com/rfjakob/gocryptfs/issues/105 ,
the "ioutil.WriteFile(file, iv, 0400)" call causes "permissions denied"
errors on an NFSv4 setup.
"strace"ing diriv creation and gocryptfs.conf creation shows this:
conf (works on the user's NFSv4 mount):
openat(AT_FDCWD, "/tmp/a/gocryptfs.conf.tmp", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3
diriv (fails):
openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0400) = 3
This patch creates the diriv file with the same flags that are used for
creating the conf:
openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3
Closes https://github.com/rfjakob/gocryptfs/issues/105
2017-04-29 14:15:13 +02:00
|
|
|
// 0400 permissions: gocryptfs.diriv should never be modified after creation.
|
|
|
|
// Don't use "ioutil.WriteFile", it causes trouble on NFS: https://github.com/rfjakob/gocryptfs/issues/105
|
2017-11-29 13:21:28 +01:00
|
|
|
fdRaw, err := syscallcompat.Openat(int(dirfd.Fd()), file, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400)
|
2016-04-10 19:32:10 +02:00
|
|
|
if err != nil {
|
2017-11-29 13:21:28 +01:00
|
|
|
tlog.Warn.Printf("WriteDirIV: Openat: %v", err)
|
nametransform: WriteDirIV: replace ioutil.WriteFile
As reported at https://github.com/rfjakob/gocryptfs/issues/105 ,
the "ioutil.WriteFile(file, iv, 0400)" call causes "permissions denied"
errors on an NFSv4 setup.
"strace"ing diriv creation and gocryptfs.conf creation shows this:
conf (works on the user's NFSv4 mount):
openat(AT_FDCWD, "/tmp/a/gocryptfs.conf.tmp", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3
diriv (fails):
openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0400) = 3
This patch creates the diriv file with the same flags that are used for
creating the conf:
openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3
Closes https://github.com/rfjakob/gocryptfs/issues/105
2017-04-29 14:15:13 +02:00
|
|
|
return err
|
2016-04-10 19:32:10 +02:00
|
|
|
}
|
2017-11-29 13:21:28 +01:00
|
|
|
fd := os.NewFile(uintptr(fdRaw), file)
|
nametransform: WriteDirIV: replace ioutil.WriteFile
As reported at https://github.com/rfjakob/gocryptfs/issues/105 ,
the "ioutil.WriteFile(file, iv, 0400)" call causes "permissions denied"
errors on an NFSv4 setup.
"strace"ing diriv creation and gocryptfs.conf creation shows this:
conf (works on the user's NFSv4 mount):
openat(AT_FDCWD, "/tmp/a/gocryptfs.conf.tmp", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3
diriv (fails):
openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0400) = 3
This patch creates the diriv file with the same flags that are used for
creating the conf:
openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3
Closes https://github.com/rfjakob/gocryptfs/issues/105
2017-04-29 14:15:13 +02:00
|
|
|
_, err = fd.Write(iv)
|
|
|
|
if err != nil {
|
|
|
|
tlog.Warn.Printf("WriteDirIV: Write: %v", err)
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
err = fd.Close()
|
|
|
|
if err != nil {
|
|
|
|
tlog.Warn.Printf("WriteDirIV: Close: %v", err)
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
2015-11-27 21:48:58 +01:00
|
|
|
}
|
|
|
|
|
2017-08-06 21:23:42 +02:00
|
|
|
// encryptAndHashName encrypts "name" and hashes it to a longname if it is
|
|
|
|
// too long.
|
|
|
|
func (be *NameTransform) encryptAndHashName(name string, iv []byte) string {
|
|
|
|
cName := be.EncryptName(name, iv)
|
2018-02-01 23:46:02 +01:00
|
|
|
if be.longNames && len(cName) > unix.NAME_MAX {
|
2017-08-06 21:23:42 +02:00
|
|
|
return be.HashLongName(cName)
|
|
|
|
}
|
|
|
|
return cName
|
|
|
|
}
|
|
|
|
|
2017-05-22 22:26:59 +02:00
|
|
|
// EncryptPathDirIV - encrypt relative plaintext path "plainPath" using EME with
|
|
|
|
// DirIV. "rootDir" is the backing storage root directory.
|
2016-04-10 19:32:10 +02:00
|
|
|
// Components that are longer than 255 bytes are hashed if be.longnames == true.
|
2017-08-09 21:44:15 +02:00
|
|
|
func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (string, error) {
|
|
|
|
var err error
|
2015-11-27 00:03:10 +01:00
|
|
|
// Empty string means root directory
|
|
|
|
if plainPath == "" {
|
|
|
|
return plainPath, nil
|
|
|
|
}
|
2017-08-09 21:44:15 +02:00
|
|
|
// Reject names longer than 255 bytes.
|
2016-02-07 14:02:09 +01:00
|
|
|
baseName := filepath.Base(plainPath)
|
2018-02-01 23:46:02 +01:00
|
|
|
if len(baseName) > unix.NAME_MAX {
|
2016-02-07 14:02:09 +01:00
|
|
|
return "", syscall.ENAMETOOLONG
|
|
|
|
}
|
2017-08-09 21:44:15 +02:00
|
|
|
// If we have the iv and the encrypted directory name in the cache, we
|
|
|
|
// can skip the directory walk. This optimization yields a 10% improvement
|
|
|
|
// in the tar extract benchmark.
|
|
|
|
parentDir := Dir(plainPath)
|
|
|
|
if iv, cParentDir := be.DirIVCache.Lookup(parentDir); iv != nil {
|
2017-08-06 21:23:42 +02:00
|
|
|
cBaseName := be.encryptAndHashName(baseName, iv)
|
|
|
|
return filepath.Join(cParentDir, cBaseName), nil
|
2015-11-29 21:41:38 +01:00
|
|
|
}
|
2017-08-09 21:44:15 +02:00
|
|
|
// We have to walk the directory tree, starting at the root directory.
|
|
|
|
// ciphertext working directory (relative path)
|
|
|
|
cipherWD := ""
|
|
|
|
// plaintext working directory (relative path)
|
|
|
|
plainWD := ""
|
2015-11-27 00:03:10 +01:00
|
|
|
plainNames := strings.Split(plainPath, "/")
|
|
|
|
for _, plainName := range plainNames {
|
2017-08-09 21:44:15 +02:00
|
|
|
iv, _ := be.DirIVCache.Lookup(plainWD)
|
|
|
|
if iv == nil {
|
|
|
|
iv, err = ReadDirIV(filepath.Join(rootDir, cipherWD))
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
be.DirIVCache.Store(plainWD, iv, cipherWD)
|
2015-11-27 00:03:10 +01:00
|
|
|
}
|
2017-08-09 21:44:15 +02:00
|
|
|
cipherName := be.encryptAndHashName(plainName, iv)
|
|
|
|
cipherWD = filepath.Join(cipherWD, cipherName)
|
|
|
|
plainWD = filepath.Join(plainWD, plainName)
|
2015-11-27 00:03:10 +01:00
|
|
|
}
|
2017-08-09 21:44:15 +02:00
|
|
|
return cipherWD, nil
|
2015-11-27 00:03:10 +01:00
|
|
|
}
|
2017-08-06 23:12:27 +02:00
|
|
|
|
|
|
|
// Dir is like filepath.Dir but returns "" instead of ".".
|
|
|
|
func Dir(path string) string {
|
|
|
|
d := filepath.Dir(path)
|
|
|
|
if d == "." {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
return d
|
|
|
|
}
|